[Openswan Users] duplicate key error when ipsec auto --add connection

Paul Wouters paul at xelerance.com
Wed Jun 4 09:34:19 EDT 2008

On Wed, 4 Jun 2008, Liviu Nicoara wrote:

> I am trying for a couple of days now to set up a connection to my
> office using OpenSWAN 2.5.16, with little success.

> ipsec_setup: Starting Openswan IPsec 2.5.16...
> ipsec_setup: FATAL ERROR: Both KLIPS and NETKEY IPsec code is present
> in kernel
> ipsec_setup: OOPS, should have aborted!  Broken shell!

This was fixed later on:

If using NETKEY, you can also put "protostack=netkey" in the "config setup"
section of ipsec.conf to bypass starting klips.

> Then, the script code which emits that "FATAL ERROR" is in
> /usr/local/lib/ipsec/_startklips:
> if test ! -f $ipsecversion && test ! -f $netkey; then

That line should be:

if test -f $ipsecversion && test -f $netkey

> Linux Openswan U2.5.16/K(no kernel code presently loaded)
> Checking for IPsec support in kernel                            [FAILED]

That will get fixed by the above.

> Linux Openswan U2.5.16/K2.6.25.4 (netkey)
> Checking for IPsec support in kernel                            [OK]

It found netkey anyway.

> tmp# ipsec auto --up theoffice
> 024 need --listen before --initiate

That is because you starten it differently. Do the one line fix
above and run the init script to start or run "ipsec setup start"


More information about the Users mailing list