[Openswan Users] RES: RES: openswan crashing kernel (long)

Giovani Moda giovani at mrinformatica.com.br
Wed Jul 8 09:21:21 EDT 2009

>FC-5 and FC-7 (and FC-8 and F-9 for that matter) are EOL. No one is
>working on those kernels anymore.

I do understand the EOL, but despite the fact that I have a lot of FC5
systems running and I'm unable to update them to 2.4.10 and on, newer
fedora releases are using cutting edge kernels. I picked FC7 to test
thinking it would be more or less compatible with RHEL5 (or even the
upcoming RHEL6). But I would be glad to test with newer fedora releases
if this would get things rolling. How well would kernel 2.6.29 (FC11)
work with openswan-2.4.x branch, since I do need L2TP/IPSEC on those
>It's still unresolved, and klips is also affected by part of it (the
>losing port of the protoport setting)

That aggravates even more, since I've compiled openswan-2.6.22 with that
FC7 box I was talking about (netkey, I had trouble with KLIPS module and
didn't have time to look into it yet) and had no more crashes. In fact,
I was able to use it non stop since yesterday. But, due to #1004, I
can't use L2TP/IPSEC on it. As a side note, I've removed L7 and IMQ from
my kernels, and still got the crash on openswan-2.4.15, and it happened
even with netkey, blowing my theory that it was the KLIPS module to
blame. The only thing I can try now is vanilla kernel. Which brings me
to my previous question: what version should I use?

>All klips/userland support is in 2.6.x. You will need to look at the
>ng-patch/ directory for an (older) kernel patch, and port it to the
>newer kernels. The iproute2 patches should no longer be needed, but
>verify the updown script uses the newer style iproute fwmask.

I'm not sure I understood that. I guess I didn't make myself clear, the
question was for using multiple clients behind the same router with
openswan-2.6.22. I know it doesn't work yet due to #1004, but I would
like to be prepared for when it's fixed.

Sorry for being a pain, but I'm hitting a wall here. I really think I
need to update openswan because of those vulnerabilities, but I can't
seem to find a way to make it play with my systems. If updating the
fedora release is the way, I'll go ahead and do it, but I need to make
sure that this will in fact resolve the problem, because there will be a
lot of effort involved if doing so.



