[Openswan Users] Problem : unregister_netdevice: waiting for ipsec0 to become free

Jean-Michel Bonnefond pompon2 at gmail.com
Tue Sep 16 04:39:24 EDT 2008 

Hello everybody,

I'm currently using openswan 2.4.9 over a self compiled linux kernel 2.6.18
with the Klips stack instead of netkey.

I'm trying to upgrade my kernel to the debian patched kernel 2.6.18 (wich
include security patches that I need) and I would like to upgrade openswan
in the same time.

I'm not sure of which new version to choose. What is the major differences
between openswan 2.4.13 and 2.6.16? I remember having read somewhere on this
list that "It is not recommend to upgrade to v2.6 as the openswan 2.6.x have
ipsec.conf different, parameter mast= and other problems.... " and the
changelog stops at 2.4.13.

Are the 2.6.x development versions leadind to v3 ?


So I decided to use the most stable recent 2.4 version, I successfully
compile openswan and klips 2.4.13 over the kernel and my tunnels seems to
work properly. However when I try to stop ipsec, the klips module seems not
to unload correctly and I got an error when unregistering ipsec0. This
prevent my system to shutdown :

localhost:~# ipsec --version
Linux Openswan 2.4.13 (klips)

localhost:~# /etc/init.d/ipsec status
IPsec running  - pluto pid: 1896
pluto pid 1896
1 tunnels up
some eroutes exist

Sep 16 07:57:27 localhost kernel: klips_info:ipsec_init: KLIPS startup,
Openswan KLIPS IPsec stack version: 2.4.13
Sep 16 07:57:27 localhost kernel: NET: Registered protocol family 15
Sep 16 07:57:27 localhost kernel: klips_info:ipsec_alg_init: KLIPS alg
v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
Sep 16 07:57:27 localhost kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 16 07:57:27 localhost kernel: ipsec_aes_init(alg_type=15 alg_id=12
name=aes): ret=0
Sep 16 07:57:27 localhost kernel: ipsec_3des_init(alg_type=15 alg_id=3
name=3des): ret=0


When I try to stop :

localhost:~# /etc/init.d/ipsec stop
Message from syslogd at localhost at Tue Sep 16 08:01:43 2008 ...
localhost kernel: unregister_netdevice: waiting for ipsec0 to become free.
Usage count = -6
Message from syslogd at localhost at Tue Sep 16 08:02:14 2008 ...
localhost last message repeated 3 times
Message from syslogd at localhost at Tue Sep 16 08:03:16 2008 ...
localhost last message repeated 6 times

running process :
 3913 pts/1    S+     0:00 /bin/sh /etc/init.d/ipsec stop
 3914 pts/1    S+     0:00 /bin/sh /usr/local/lib/ipsec/_realsetup stop
 3931 pts/1    D+     0:00 rmmod ipsec

localhost:~# /etc/init.d/ipsec status
IPsec stopped
but...
has subsystem lock (/var/lock/subsys/ipsec)!
localhost:~# lsmod | grep ipsec
ipsec                 296584  0
localhost:~# ipsec --version
Linux Openswan U2.4.13/K(no kernel code presently loaded)

I could not get an ipsec barf after stopping ipsec as it freeze on the
ifconfig command but I could send the barf when server is running if it
could be usefull.

Any ideas?

Thanks a lot,

Jean-Michel.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080916/2be320f4/attachment-0001.html

More information about the Users mailing list