[Openswan Users] adding interface ipsecX problem

ник карлов sco_support at mail.ru
Tue Feb 17 03:48:49 EST 2009 

Hello All,

we have got error at openswan startup when had added new "ipsec2" interface in ipsec.conf
(interfaces="ipsec0=eth0:1 ipsec1=eth1 ipsec2=eth0"):

ipsec_setup: Starting Openswan IPsec U2.6.16/K2.6.19...
ipsec_setup: /usr/local/libexec/ipsec/tncfg: Socket ioctl failed on attach -- No such device.  Is the virtual device valid?  Is the ipsec module linked into the kernel or loaded as a module?
ipsec_setup: SIOCSIFADDR: No such device
ipsec_setup: ipsec2: unknown interface: No such device
ipsec_setup: SIOCSIFBRDADDR: No such device
ipsec_setup: ipsec2: unknown interface: No such device
ipsec_setup: SIOCSIFNETMASK: No such device

also in syslog we can see:

Feb  5 17:00:06 server1 ipsec_setup: KLIPS ipsec0 on eth0:1 172.16.1.1/255.255.255.0 broadcast 172.16.1.255
Feb  5 17:00:06 server1 ipsec_setup: KLIPS ipsec1 on eth1 192.168.30.5/255.255.255.0 broadcast 192.168.30.255
Feb  5 17:00:06 server1 ipsec_setup: KLIPS ipsec2 on eth0 192.168.10.5/255.255.255.0 broadcast 192.168.10.255


but with two interfaces "ipsec0" and "ipsec1" everything works fine


we use linux with kernel 2.6.25.18

additional info:
---
ipsec.conf
---
version 2

config setup
        interfaces="ipsec0=eth0:1 ipsec1=eth1 ipsec2=eth0"
        plutostderrlog=/var/log/pluto

conn %default
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart

conn l2tp-x509-int1
        left=172.16.1.1
        also=l2tp-x509-common
        auto=add

conn l2tp-x509-int2
        left=192.168.30.5
        also=l2tp-x509-common
        auto=add

conn l2tp-x509-int3
        left=192.168.10.5
        also=l2tp-x509-common
        auto=add

conn l2tp-x509-common
        leftprotoport=17/1701
        leftrsasigkey=%cert
        leftcert=vpn-srv.pem
        rightprotoport=17/%any
        right=%any
        rightrsasigkey=%cert
        authby=rsasig
        pfs=no
        type=transport
        rightca=%same


---
ifconfig
---
eth0      Link encap:Ethernet  HWaddr 00:0C:29:57:87:CC  
          inet addr:192.168.10.5  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe57:87cc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:117 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7029 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8959 (8.7 KiB)  TX bytes:406178 (396.6 KiB)
          Interrupt:10 Base address:0x2000 

eth0:1    Link encap:Ethernet  HWaddr 00:0C:29:57:87:CC  
          inet addr:172.16.1.1  Bcast:172.16.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x2000 

eth1      Link encap:Ethernet  HWaddr 00:0C:29:57:87:E0  
          inet addr:192.168.30.5  Bcast:192.168.30.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe57:87e0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3139 (3.0 KiB)  TX bytes:1440 (1.4 KiB)
          Interrupt:9 Base address:0x2080 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1570 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1570 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:207240 (202.3 KiB)  TX bytes:207240 (202.3 KiB)


any help or ideas will be appreciated!

Thank you,
Andy

More information about the Users mailing list