[Openswan Users] Openswan does not start when interface has alias
Olaf
mailinglists at ban-solms.de
Fri Apr 23 03:38:10 EDT 2010
Hello everybody,

I am trying to get Openswan 2.6.26dr1 + linux 2.6.32.11 to start on an
interface that has an alias:

# ip addr show dev wan-1
3: wan-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0e:f0:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.240/24 scope global wan-1
    inet 192.168.1.101/24 scope global secondary wan-1.alias

1 tunnel with PSK defined, ipsec.conf:

version 2.0

config setup
    protostack=klips
    interfaces="%defaultroute "
    klipsdebug="none"
    plutodebug="none"
    #plutoload=%search
    #plutostart=%search
    uniqueids=yes
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/255.255.255.0,%v4:!192.168.140.0/255.255.255.0,%v4:!192.168.240.0/255.255.255.0,%v4:!192.168.242.0/255.255.255.0

conn %default
    keyingtries=0
    disablearrivalcheck=no

conn Tunnel1
    left=192.168.1.240
    leftsubnet=192.168.240.0/255.255.255.0
    right=192.168.1.242
    rightsubnet=192.168.242.0/255.255.255.0
    ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
    esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
    ikelifetime=1h
    keylife=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    pfs=yes
    authby=secret
    auto=start

Changing to interfaces="ipsec0=wan-1 " makes no difference.
Log output below.
When I remove the alias Openswan starts OK.
Any ideas? Config setting I could try?

Thanks
Olaf

09:22:05 ipsec_setup Starting Openswan IPsec 2.6.master-201016.git...
09:22:05 ipsec_setup Using KLIPS/legacy stack
09:22:05 ipsec_setup KLIPS debug `none'
09:22:05 ipsec_setup KLIPS ipsec0 on wan-1 192.168.1.240/255.255.255.0 broadcast 0.0.0.0
09:22:06 ipsec__plutorun Starting Pluto subsystem...
09:22:06 ipsec__plutorun adjusting ipsec.d to /etc/ipsec.d
09:22:06 ipsec_setup ...Openswan IPsec started
09:22:06 pluto[3704] Starting Pluto (Openswan Version 2.6.master-201016.git; Vendor ID OEMDeFU_YkxK) pid:3704
09:22:06 pluto[3704] Setting NAT-Traversal port-4500 floating to on
09:22:06 pluto[3704] port floating activation criteria nat_t=1/port_float=1
09:22:06 pluto[3704] NAT-Traversal support [enabled]
09:22:06 pluto[3704] using /dev/urandom as source of random entropy
09:22:06 pluto[3704] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
09:22:06 pluto[3704] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
09:22:06 pluto[3704] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
09:22:06 pluto[3704] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
09:22:06 pluto[3704] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
09:22:06 pluto[3704] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
09:22:06 pluto[3704] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
09:22:06 pluto[3704] starting up 1 cryptographic helpers
09:22:06 pluto[3704] started helper pid=3707 (fd:7)
09:22:06 pluto[3704] Using KLIPS IPsec interface code on 2.6.32-1
09:22:06 pluto[3704] Changed path to directory '/etc/ipsec.d/cacerts'
09:22:06 pluto[3704] loaded CA cert file 'cacert.pem' (1464 bytes)
09:22:06 pluto[3704] Changed path to directory '/etc/ipsec.d/aacerts'
09:22:06 pluto[3704] Changed path to directory '/etc/ipsec.d/ocspcerts'
09:22:06 pluto[3707] using /dev/urandom as source of random entropy
09:22:06 pluto[3704] Changing to directory '/etc/ipsec.d/crls'
09:22:06 pluto[3704] loaded crl file 'cacrl.pem' (629 bytes)
09:22:06 pluto[3704] added connection description "Tunnel1"
09:22:06 ipsec__plutorun 002 added connection description "Tunnel1"
09:22:06 pluto[3704] listening for IKE messages
09:22:06 pluto[3704] FATAL ERROR: ioctl(SIOCGIFFLAGS) for wan-1.alias in find_raw_ifaces4(). Errno 19: No such device
09:22:06 pluto[3704] "Tunnel1": deleting connection
09:22:06 pluto[3707] pluto_crypto_helper: helper (0) is normal exiting
09:22:06 ipsec__plutorun 003 FATAL ERROR: ioctl(SIOCGIFFLAGS) for wan-1.alias in find_raw_ifaces4(). Errno 19: No such device
09:22:06 ipsec__plutorun whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
09:22:06 ipsec__plutorun whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
09:22:06 ipsec__plutorun !pluto failure!: exited with error status 1
09:22:06 ipsec__plutorun restarting IPsec after pause...