[Openswan Users] Openswan on Ubuntu 8.10

openswan at thefeds.net openswan at thefeds.net
Mon Jan 5 11:00:10 EST 2009

The ipsec.conf I used was pre existing. I didn't look at any 
/etc/ipsec.conf that might have been installed by the openswan rpm I built 
from sources, it was overwritten with my file by my configuration rpm 
(which trigered the install of openswan through a requires clause).

I did look at an example file 
(/usr/share/doc/openswan-2.6.19/linux-linux.conf) which doesn't have 
protostack=netkey in when installed via rpm onto CentOS. It might be nice 
if it did, depending on what OS the rpm was built for/installed on but it 
isn't likely to be an issue for most people.

Next time I build a CentOS 5 box (in the next few days) I will install the 
openswan rpm on it's own and check the /etc/ipsec.conf and report back.


On Mon, 5 Jan 2009, Paul Wouters wrote:

> On Mon, 5 Jan 2009, openswan at thefeds.net wrote:
>> I had to add protostack=netkey to ipsec.conf to get openswan to start on
>> CentOS 5.0. Without that it would start on the second attempt, but not the
>> first.
> Then someone should file a bug report against RHEL for that. I know the
> fedora package ships with protostack=netkey.
> Or this is because ipsec.conf already existed from an openswan 2.4.x config
> when the rpm was upgraded to openswan 2.6.x.
> Paul

More information about the Users mailing list