[Openswan Users] Compilation is OK, Klips doesn't load, help?

Joe Strang joe.strang at gmail.com
Thu Jun 12 06:49:42 EDT 2008 

Dear Paul
Thank you very mcuh for your help.
I rebuilt the kernel with disabling the following:
   CONFIG_INET_ESP   disable
   CONFIG_INET_AH    disable

and I installed the kernel, then I tried to comile and install
openswan, but I had the following error (from the outout of the
"dmesg" command):
  ipsec: Unknown symbol udp4_register_esp_rcvencap
  ipsec: Unknown symbol udp4_unregister_esp_rcvencap
The commands I used is shown step-by-step below.
Your help would be apprceiated.
Thanks and regards.
Joe

====Step-by-step commands I used to compile and install openswan ==
/usr/src/new2# ipsec --version
Linux Openswan U2.4.12/K2.6.18-6-686 (netkey)
See `ipsec --copyright' for copyright information.
/usr/src/new2#cd openswan
/usr/src/new2/openswan# make KERNELSRC=/usr/src/new2/linux-2.6 programs module
The output ends with the following:
=====================start=========================
KLIPS26 module built successfully.
ipsec.ko is in /usr/src/new2/openswan-2.4.12/modobj26/ipsec.ko

-rw-r--r-- 1 root root 369353 2008-06-12 08:36 ipsec.ko
   text    data     bss     dec     hex filename
 269243   10408    5484  285135   459cf ipsec.ko

use make minstall as root to install it
=====================end===========================

Then I isntall it with the following command:
/usr/src/new2/openswan#make KERNELSRC=/usr/src/new2/linux-2.6 install minstall
and it ends with the following output:
=====================start==============
+ mkdir -p /lib/modules/2.6.18/kernel/net/ipsec
+ cp /usr/src/new2/openswan-2.4.12/modobj26/ipsec.ko
/lib/modules/2.6.18/kernel/ net/ipsec
+ '[' -f /sbin/depmod ']'
+ depmod -a
+ '[' -n net/ipsec ']'
+ mkdir -p /lib/modules/2.6.18/kernel/net/ipsec
+ '[' -f /lib/modules/2.6.18/kernel/ipsec.ko -a -f
/lib/modules/2.6.18/kernel/net/ipsec/ipsec.ko ']'
+ set -x
make[1]: Leaving directory `/usr/src/new2/openswan-2.4.12'
=====================end=================
Until now, everything seems fine.
Then, I checked openswan with the following command:

/usr/src/new2/openswan# ipsec --version
Linux Openswan U2.4.12/K2.6.18-6-686 (netkey)
See `ipsec --copyright' for copyright information.

Then, I tried the command:

/usr/src/new2/openswan# modprobe ipsec
FATAL: Module ipsec not found.

Then, I tried this command:

/usr/src/new2/openswan# depmod -a
and this command didn't give any output

Then, I tried this command:

/usr/src/new2/openswan# insmod /lib/modules/2.6.18/kernel/net/ipsec/ipsec.ko
insmod: error inserting
'/lib/modules/2.6.18/kernel/net/ipsec/ipsec.ko': -1 Unknown symbol in
module

Then, I tried this command:

/usr/src/new2/openswan# dmesg
and at the end of the long output, it showed the following:
=============start===============
padlock: VIA PadLock not detected.
[drm] Initialized drm 1.0.1 20051102
ACPI: PCI Interrupt 0000:00:02.0[A] -> GSI 16 (level, low) -> IRQ 50
[drm] Initialized i915 1.5.0 20060119 on minor 0
eth0: no IPv6 routers present
ipsec: Unknown symbol udp4_register_esp_rcvencap
ipsec: Unknown symbol udp4_unregister_esp_rcvencap
====================end==================

Then, I tried this command:

/usr/src/new2/openswan# rmmod xfrmuser af_key esp4 ah4 ipcomp xfrm4_tunnel
ERROR: Module xfrmuser does not exist in /proc/modules

Then, I tried this command:

:/usr/src/new2/openswan# ipsec --version
Linux Openswan U2.4.12/K(no kernel code presently loaded)
See `ipsec --copyright' for copyright information.

Then, I tried this command again:

/usr/src/new2/openswan# modprobe ipsec
FATAL: Module ipsec not found.



On Wed, Jun 11, 2008 at 6:26 PM, Paul Wouters <paul at xelerance.com> wrote:
>
>
>>
>> The command "dmesg" produces the following long output as shown below.
>
> klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version:
> 2.4.12
> NET: Registered protocol family 15
> KLIPS: can not register ESP protocol - recompile with CONFIG_INET_ESP
> disabled or as module
> KLIPS: can not register AH protocol - recompile with CONFIG_INET_AH
> disabled or as module
> klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
> klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
> ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
> klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok] (auth_id=0)
> ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
> BUG: unable to handle kernel paging request at virtual address f8ea3860
>
> That looks like esp4 and ah4 are either loaded or build into the kernel,
> so KLIPS fails to install its protocol handlers. (It should not oops your
> kernel, but the root of the problem seems to not being able to take ESP
> and AH handlers.
>
> Paul
>

More information about the Users mailing list