[Openswan Users] RES: RES: RES: RES: Openswan with L2TP

Paul Wouters paul at xelerance.com
Thu Sep 24 19:22:08 EDT 2009


On Thu, 24 Sep 2009, Giovani Moda wrote:

>> Yes, the saref patch should be enough.
>
> Well, recompiled kernel with saref.pacth, recompiled openswan-2.6.23
> with MAST and USE_SAREF_KERNEL=true, installed everything and on the
> first run I actually had a mast0 interface. When I tried to connect, I
> got a kernel crash and now I can't seem to make mast work again. Here's
> the output:
>
> Sep 24 18:52:57 combo pluto[2395]: Using KLIPSng (mast) IPsec interface
> code on 2.6.23.17-90_mr.fc7

> Sep 24 18:52:57 combo pluto[2395]: listening for IKE messages
> Sep 24 18:52:57 combo pluto[2395]: | useful mast device -1
> Sep 24 18:52:57 combo pluto[2395]: ERROR: PF_KEY K_SADB_X_PLUMBIF
> response for configure_mast_device  included errno 2: No such file or
> directory
> Sep 24 18:52:58 combo pluto[2395]: plumb command exited with status 1

It seems that either the kernel or that klips module has no proper
support for SAref tracking.

The patch contains the line:

+ #define IP_IPSEC_REFINFO 22

Are you sure that was not already used for a nother policy?

It also seems looking at it that saref.patch is missing most of
the code. Please have a look at the 2.6.16.54-0.2.5 version of
the patch. And make sure 22 is available on your kernel. If you
change that number, also change it for xl2tpd.

Paul


More information about the Users mailing list