[Openswan Users] upgrade openswan on CC 4.3 box

Sven J. van Rooij sven at digitalcarmel.net
Tue May 19 15:38:54 EDT 2009



Thanks for the quick response.

So I did do the upgrade and same issue...


I get my tunnels up, but now no traffic seems to go across the tunnel.

Pings time out.


And the ipsec verify  gives me this


Checking your system to see if IPsec got installed and started

Version check and ipsec on-path                             [OK]

Linux Openswan U2.4.9/K2.6.18-93.cc4 (netkey)

Checking for IPsec support in kernel

NETKEY detected, testing for disabled ICMP send_redirects


  Please disable /proc/sys/net/ipv4/conf/*/send_redirects

  or NETKEY will cause the sending of bogus ICMP redirects!


NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]


  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects

  or NETKEY will accept bogus ICMP redirects!


Checking for RSA private key (/etc/ipsec.secrets)

  ipsec showhostkey: no default key in "/etc/ipsec.secrets"

Checking that pluto is running                                    [OK]

Two or more interfaces found, checking IP forwarding              [OK]

Checking NAT and MASQUERADEing                              

Checking for 'ip' command                                         [OK]

Checking for 'iptables' command                                   [OK]

cat: ipsec.*.conf: No such file or directory

Opportunistic Encryption Support

  Cannot execute command "which iptables": No such file or directory

 cat: ipsec.*.conf: No such file or directory



Even though I have disabled the send and accept redirects....


Any ideas??




From: Nick Howitt [mailto:n1ck.h0w1tt at googlemail.com] 
Sent: Tuesday, May 19, 2009 10:51 AM
To: Sven J. van Rooij
Cc: users at openswan.org
Subject: Re: [Openswan Users] upgrade openswan on CC 4.3 box



The instructions in this
e=0&vc=1>  thread in the CC forums work fine for Openswan-2.4.14. I
could not make it work with 2.6.18 or 2.6.21. 2.6.18 may compile but
won't run. 2.6.21 will not compile.

I have Openswan working fine as a VPN gateway/router. I just cannot get
the file server to work properly through the VPN, not can I get pings to
and from the gateway work reliably through the tunnel. LAN-LAN traffic
through the gateway is OK.

I was going to wait until CC5 (Openswan-2.6.14) is released before
troubleshooting this any further.


Sven J. van Rooij wrote: 

An anyone direct me towards a good set of instructions on how to upgrade
openswan on a clark connect box.


Regardless which version (besides the original)  I choose, I end up with
a tunnel, but no traffic on it.








Users at openswan.org
Building and Integrating Virtual Private Networks with Openswan: 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090519/82b7e8ec/attachment.html 

More information about the Users mailing list