[Openswan Users] CentOS 5.3 and klips
Maverick
maverick.pt at gmail.com
Sat Sep 12 14:31:58 EDT 2009
I've compiled and installed from the sources and now Works fine.
I guess fedora patches that came with the src rpms breaks something, maybe
the init script.
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: sexta-feira, 11 de Setembro de 2009 21:59
To: Maverick
Cc: users at openswan.org
Subject: RE: [Openswan Users] CentOS 5.3 and klips
On Fri, 11 Sep 2009, Maverick wrote:
> I'm now trying with Fedora 11 x86, which has a newer kernel compared to
> centos,
> and I also moved to openswan-2.6.23, but still no luck :(
>From my Fedora 11 machine:
Sep 11 16:54:32 bofh pluto[9122]: Starting Pluto (Openswan Version 2.6.23;
Vendor ID OEm at kgSFEH@\177) pid:9122
Sep 11 16:54:32 bofh pluto[9122]: Setting NAT-Traversal port-4500 floating
to on
Sep 11 16:54:32 bofh pluto[9122]: port floating activation criteria
nat_t=1/port_float=1
Sep 11 16:54:32 bofh pluto[9122]: including NAT-Traversal patch (Version
0.6c)
Sep 11 16:54:32 bofh pluto[9122]: using /dev/urandom as source of random
entropy
Sep 11 16:54:32 bofh pluto[9122]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Sep 11 16:54:32 bofh pluto[9122]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC: Ok (ret=0)
Sep 11 16:54:32 bofh pluto[9122]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)
Sep 11 16:54:32 bofh pluto[9122]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Sep 11 16:54:32 bofh pluto[9122]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Sep 11 16:54:32 bofh pluto[9122]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_512: Ok (ret=0)
Sep 11 16:54:32 bofh pluto[9122]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)
Sep 11 16:54:32 bofh pluto[9122]: no helpers will be started, all
cryptographic operations will be done inline
Sep 11 16:54:32 bofh pluto[9122]: Using KLIPS IPsec interface code on
2.6.30.5-43.fc11.x86_64
It seems fine for me?
> This is what I get when I start the service:
>
> /etc/init.d/ipsec start
> /usr/libexec/ipsec/addconn Non-fips mode set in
> /proc/sys/crypto/fips_enabled
> ipsec_setup: Starting Openswan IPsec 2.6.23...
> ipsec_setup: /usr/libexec/ipsec/tncfg: exactly one of
> ipsec_setup: '--attach', '--detach', '--create', '--delete' or '--clear'
> ipsec_setup: options must be specified.
> ipsec_setup: SIOCSIFFLAGS: No such device
> ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in
That is not a locally compiled openswan. Are you sure you don't have
openswan installed via rpm as well as in /usr/local from a manual compile?
Paul
More information about the Users
mailing list