[Openswan Users] ASSERTION FAILED Request for Help

David Klann dxklann at gmail.com
Fri Mar 7 20:21:59 EST 2008


On Fri, 7 Mar 2008 17:28:01 -0500 (EST)
Paul Wouters <paul at xelerance.com> wrote:

> On Fri, 7 Mar 2008, David Klann wrote:
> 
> does your kernel support CONFIG_NET_KEY ?

Yup. It's configured as a module (<M>). The kernel config help text
says:

CONFIG_NET_KEY:

 PF_KEYv2 socket family, compatible to KAME ones.
 They are required if you are going to use IPsec tools ported
 from KAME.

 Say Y unless you know what you are doing.

I believe the kernel object module is "af_key.ko".

> 
> can you run "ipsec barf" and post the bit that checks for CONFIG_
> options?

Below. I've also included a few other parts of the barf output for
your additional reference.

Thanks!

 -David

+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan U2.4.12/K2.6.21-gentoo-r4 (netkey)
Checking for IPsec support in kernel                        	[OK]
NETKEY detected, testing for disabled ICMP send_redirects   	[OK]
NETKEY detected, testing for disabled ICMP accept_redirects 	[OK]
Checking for RSA private key (/etc/ipsec.secrets)           	[DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                              	[FAILED]
  whack: is Pluto running?  connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused)
Two or more interfaces found, checking IP forwarding        	[FAILED]
  whack: is Pluto running?  connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused)
Checking for 'ip' command                                   	[OK]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]

+ cat /etc/gentoo-release
Gentoo Base System release 1.12.11.1
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.21-gentoo-r4) support detected '
NETKEY (2.6.21-gentoo-r4) support detected 

+ test -f /proc/modules
+ cat /proc/modules
xfrm_user 18432 0 - Live 0xfa48f000
xfrm4_tunnel 2176 0 - Live 0xf98fe000
af_key 26896 0 - Live 0xfa5e9000
sha1 2304 0 - Live 0xf98e3000
sha256 11008 0 - Live 0xfa4af000
xfrm4_mode_tunnel 2432 0 - Live 0xf8833000
twofish_i586 5504 0 - Live 0xfa486000
twofish_common 34816 1 twofish_i586, Live 0xfa5df000
blowfish 8192 0 - Live 0xfa483000
aes_i586 32500 0 - Live 0xfa4a6000
des 16128 0 - Live 0xfa48a000
esp4 5504 0 - Live 0xfa480000
ah4 4736 0 - Live 0xfa45a000
ipcomp 5128 0 - Live 0xfa449000
radeon 108164 0 - Live 0xfa5fb000
drm 64020 1 radeon, Live 0xfa495000
snd_seq_oss 25620 0 - Live 0xfa44d000
snd_seq_device 5256 1 snd_seq_oss, Live 0xf9888000
snd_seq_midi_event 5760 1 snd_seq_oss, Live 0xf9885000
snd_seq 39556 4 snd_seq_oss,snd_seq_midi_event, Live 0xf98d8000
snd_pcm_oss 34432 0 - Live 0xfa439000
snd_mixer_oss 13056 1 snd_pcm_oss, Live 0xf989a000
nfs 195872 0 - Live 0xfa4bd000
lockd 51448 1 nfs, Live 0xf98f0000
sunrpc 132600 3 nfs,lockd, Live 0xfa45e000
vfat 9472 0 - Live 0xf9881000
fat 40604 1 vfat, Live 0xf98e5000
usb_storage 22276 0 - Live 0xf9893000
libusual 13456 1 usb_storage, Live 0xf8848000
snd_intel8x0 25756 3 - Live 0xf988b000
snd_ac97_codec 87076 1 snd_intel8x0, Live 0xf98c1000
ac97_bus 1920 1 snd_ac97_codec, Live 0xf8846000
snd_pcm 61192 3 snd_pcm_oss,snd_intel8x0,snd_ac97_codec, Live 0xf98b1000
snd_timer 16644 2 snd_seq,snd_pcm, Live 0xf8879000
snd 38964 15 snd_seq_oss,snd_seq_device,snd_seq,snd_pcm_oss,snd_mixer_oss,snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer, Live 0xf8853000
uhci_hcd 19344 0 - Live 0xf884d000
snd_page_alloc 6920 2 snd_intel8x0,snd_pcm, Live 0xf8843000
intel_agp 19356 1 - Live 0xf883d000
usbcore 104064 4 usb_storage,libusual,uhci_hcd, Live 0xf885e000
agpgart 24752 2 drm,intel_agp, Live 0xf8835000

+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
# CONFIG_IPC_NS is not set
CONFIG_XFRM=y
CONFIG_XFRM_USER=m
# CONFIG_XFRM_SUB_POLICY is not set
# CONFIG_XFRM_MIGRATE is not set
CONFIG_NET_KEY=m
# CONFIG_NET_KEY_MIGRATE is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
# CONFIG_IP_PNP_BOOTP is not set
# CONFIG_IP_PNP_RARP is not set
# CONFIG_IP_MROUTE is not set
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=y
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
CONFIG_INET_DIAG=m
CONFIG_INET_TCP_DIAG=m
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
# CONFIG_IP_VS_PROTO_TCP is not set
# CONFIG_IP_VS_PROTO_UDP is not set
# CONFIG_IP_VS_PROTO_ESP is not set
# CONFIG_IP_VS_PROTO_AH is not set
# CONFIG_IP_VS_RR is not set
# CONFIG_IP_VS_WRR is not set
# CONFIG_IP_VS_LC is not set
# CONFIG_IP_VS_WLC is not set
# CONFIG_IP_VS_LBLC is not set
# CONFIG_IP_VS_LBLCR is not set
# CONFIG_IP_VS_DH is not set
# CONFIG_IP_VS_SH is not set
# CONFIG_IP_VS_SED is not set
# CONFIG_IP_VS_NQ is not set
CONFIG_IPV6=y
# CONFIG_IPV6_PRIVACY is not set
# CONFIG_IPV6_ROUTER_PREF is not set
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
# CONFIG_IPV6_MIP6 is not set
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
CONFIG_IPV6_SIT=y
# CONFIG_IPV6_TUNNEL is not set
# CONFIG_IPV6_MULTIPLE_TABLES is not set
# CONFIG_IP_NF_CONNTRACK_SUPPORT is not set
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
# CONFIG_IP_NF_MANGLE is not set
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_MH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_IP6_NF_RAW=m
# CONFIG_IP_DCCP is not set
CONFIG_IP_SCTP=m
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_INTEL=y
CONFIG_HW_RANDOM_AMD=y
CONFIG_HW_RANDOM_GEODE=y
CONFIG_HW_RANDOM_VIA=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
CONFIG_CRYPTO_DEV_GEODE=m

+ date
Fri Mar  7 19:10:32 CST 2008


More information about the Users mailing list