[Openswan Users] Difficulties

João Kuchnier joao.kuchnier at gmail.com
Mon Jun 15 09:22:00 EDT 2009 

Hi Paul,

On Wed, 10 Jun 2009, João Kuchnier wrote:

> > --> OK, but I encountered this errors while compiling...

#Your email client's method of quoting is very unreadable to me, just so
#you know...

Sorry, but I'm using Gmail

> >
> > #make programs install
> > #In file included from
/home/administrador/openswan-2.6.21/include/certs.h:23,
> > #                 from
/home/administrador/openswan-2.6.21/lib/libopenswan/id.c:40:
> > #/home/administrador/openswan-2.6.21/include/secrets.h:19:41: error:
gmp.h: No such file or directory

#Install gmp-devel / libgmp3-dev

--> OK. I installed other three packages too: flex, xmlto and bison.
--> Now I'm facing another problem:

root at vpn:~/openswan-2.6.21# /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec 2.6.21...
ipsec_setup: No KLIPS support found while requested, desperately falling
back to netkey
ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf
to avoid attempts to use KLIPS. Attempting to continue with NETKEY

I used the protostack=netkey option in ipsec.conf but the VPN seems not to
start

root at vpn-lyra:~/openswan-2.6.21# /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.21/K2.6.24-19-server...
ipsec_setup: multiple ip addresses, using  192.168.1.224 on eth0
It stops here...

Running "ipsec verify"

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.21/K2.6.24-19-server (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

#Paul
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090615/b3138ecd/attachment.html

More information about the Users mailing list