[Openswan Users] Compilation is OK, Klips doesn't load, help?

Paul Wouters paul at xelerance.com
Thu Jun 12 10:23:37 EDT 2008


You need to patch the kernel with the nat-t patch. Or change the
build to not include nat-t support, by setting or changing
MODULE_DEF_INCLUDE/MODULE_DEFCONFIG.

Paul

On Thu, 12 Jun 2008, Joe Strang wrote:

> Date: Thu, 12 Jun 2008 06:49:42 -0400
> From: Joe Strang <joe.strang at gmail.com>
> Cc: users at openswan.org
> To: Paul Wouters <paul at xelerance.com>
> Subject: Re: [Openswan Users] Compilation is OK, Klips doesn't load, help?
> 
> Dear Paul
> Thank you very much for your help.
> I rebuilt the kernel with disabling the following:
>   CONFIG_INET_ESP   disable
>   CONFIG_INET_AH    disable
>
> and I installed the kernel, then I tried to compile and install
> openswan, but I had the following error (from the output of the
> "dmesg" command):
>  ipsec: Unknown symbol udp4_register_esp_rcvencap
>  ipsec: Unknown symbol udp4_unregister_esp_rcvencap
> The commands I used are shown step-by-step below.
> Your help would be appreciated.
> Thanks and regards.
> Joe
>
> ====Step-by-step commands I used to compile and install openswan ==
> /usr/src/new2# ipsec --version
> Linux Openswan U2.4.12/K2.6.18-6-686 (netkey)
> See `ipsec --copyright' for copyright information.
> /usr/src/new2#cd openswan
> /usr/src/new2/openswan# make KERNELSRC=/usr/src/new2/linux-2.6 programs module
> The output ends with the following:
> =====================start=========================
> KLIPS26 module built successfully.
> ipsec.ko is in /usr/src/new2/openswan-2.4.12/modobj26/ipsec.ko
>
> -rw-r--r-- 1 root root 369353 2008-06-12 08:36 ipsec.ko
>   text    data     bss     dec     hex filename
> 269243   10408    5484  285135   459cf ipsec.ko
>
> use make minstall as root to install it
> =====================end===========================
>
> Then I install it with the following command:
> /usr/src/new2/openswan#make KERNELSRC=/usr/src/new2/linux-2.6 install minstall
> and it ends with the following output:
> =====================start==============
> + mkdir -p /lib/modules/2.6.18/kernel/net/ipsec
> + cp /usr/src/new2/openswan-2.4.12/modobj26/ipsec.ko
> /lib/modules/2.6.18/kernel/ net/ipsec
> + '[' -f /sbin/depmod ']'
> + depmod -a
> + '[' -n net/ipsec ']'
> + mkdir -p /lib/modules/2.6.18/kernel/net/ipsec
> + '[' -f /lib/modules/2.6.18/kernel/ipsec.ko -a -f
> /lib/modules/2.6.18/kernel/net/ipsec/ipsec.ko ']'
> + set -x
> make[1]: Leaving directory `/usr/src/new2/openswan-2.4.12'
> =====================end=================
> Until now, everything seems fine.
> Then, I checked openswan with the following command:
>
> /usr/src/new2/openswan# ipsec --version
> Linux Openswan U2.4.12/K2.6.18-6-686 (netkey)
> See `ipsec --copyright' for copyright information.
>
> Then, I tried the command:
>
> /usr/src/new2/openswan# modprobe ipsec
> FATAL: Module ipsec not found.
>
> Then, I tried this command:
>
> /usr/src/new2/openswan# depmod -a
> and this command didn't give any output
>
> Then, I tried this command:
>
> /usr/src/new2/openswan# insmod /lib/modules/2.6.18/kernel/net/ipsec/ipsec.ko
> insmod: error inserting
> '/lib/modules/2.6.18/kernel/net/ipsec/ipsec.ko': -1 Unknown symbol in
> module
>
> Then, I tried this command:
>
> /usr/src/new2/openswan# dmesg
> and at the end of the long output, it showed the following:
> =============start===============
> padlock: VIA PadLock not detected.
> [drm] Initialized drm 1.0.1 20051102
> ACPI: PCI Interrupt 0000:00:02.0[A] -> GSI 16 (level, low) -> IRQ 50
> [drm] Initialized i915 1.5.0 20060119 on minor 0
> eth0: no IPv6 routers present
> ipsec: Unknown symbol udp4_register_esp_rcvencap
> ipsec: Unknown symbol udp4_unregister_esp_rcvencap
> ====================end==================
>
> Then, I tried this command:
>
> /usr/src/new2/openswan# rmmod xfrmuser af_key esp4 ah4 ipcomp xfrm4_tunnel
> ERROR: Module xfrmuser does not exist in /proc/modules
>
> Then, I tried this command:
>
> :/usr/src/new2/openswan# ipsec --version
> Linux Openswan U2.4.12/K(no kernel code presently loaded)
> See `ipsec --copyright' for copyright information.
>
> Then, I tried this command again:
>
> /usr/src/new2/openswan# modprobe ipsec
> FATAL: Module ipsec not found.
>
>
>
> On Wed, Jun 11, 2008 at 6:26 PM, Paul Wouters <paul at xelerance.com> wrote:
>>
>>
>>>
>>> The command "dmesg" produces the following long output as shown below.
>>
>> klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version:
>> 2.4.12
>> NET: Registered protocol family 15
>> KLIPS: can not register ESP protocol - recompile with CONFIG_INET_ESP
>> disabled or as module
>> KLIPS: can not register AH protocol - recompile with CONFIG_INET_AH
>> disabled or as module
>> klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
>> klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
>> ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
>> klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok] (auth_id=0)
>> ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
>> BUG: unable to handle kernel paging request at virtual address f8ea3860
>>
>> That looks like esp4 and ah4 are either loaded or built into the kernel,
>> so KLIPS fails to install its protocol handlers. (It should not oops your
>> kernel, but the root of the problem seems to be not being able to take ESP
>> and AH handlers.)
>>
>> Paul
>>
>
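
The "Unknown symbol" lines in the dmesg output above can be checked before `insmod` by comparing what the module imports with what the kernel build exports. This is an added example, not part of the thread and not Openswan code; `missing_symbols` and `demo` are hypothetical names, the sample input is constructed, and it assumes the kernel tree has a `Module.symvers` and that `nm` is available to list the module's imports.

```shell
#!/bin/sh
# Added example (not from the thread): report symbols a module imports that
# the kernel build does not export.
#   $1  undefined symbols of the module, as printed by `nm -u ipsec.ko`
#   $2  Module.symvers of the kernel tree (columns: CRC, symbol, module, ...)
missing_symbols() {
    awk 'FILENAME == ARGV[1] { exported[$2] = 1; next }
         $1 == "U" && !($2 in exported) { print $2 }' "$2" "$1" | sort
}

# Constructed sample input: a kernel without the NAT-T patch exports neither
# of the two udp4_*_esp_rcvencap hooks named in the dmesg output.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/undef.txt" <<'EOF'
         U printk
         U udp4_register_esp_rcvencap
         U udp4_unregister_esp_rcvencap
EOF
    printf '0x00000000\tprintk\tvmlinux\n' > "$tmp/Module.symvers"
    missing_symbols "$tmp/undef.txt" "$tmp/Module.symvers"
    rm -rf "$tmp"
}

demo
```

On a real build, write `nm -u` output for the built `ipsec.ko` to a file and pass it with the kernel tree's `Module.symvers`; an empty result means every import is exported by that kernel build.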

