[Openswan Users] OpenSwan on ubuntu

Michael H. Warfield mhw at WittsEnd.com
Fri Dec 3 16:32:22 EST 2010

Paul (and Hammond),

On Fri, 2010-12-03 at 11:49 -0500, Paul Wouters wrote: 
> On Fri, 3 Dec 2010, Hammad wrote:
> > Here is the output of commands...
> > root at vps:/usr/local# modprobe ipsec
> > WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
> > FATAL: Module ipsec not found.
> > 
> > root at vps:/usr/local# modprobe af_key
> > WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
> > FATAL: Module af_key not found.
> > 
> > root at vps:/usr/local# ipsec --version
> > Linux Openswan U2.6.31/K(no kernel code presently loaded)
> > See `ipsec --copyright' for copyright information.

> Your kernel has no IPsec support. Perhaps you are missing the right modules directory, or support
> was not compiled on that kernel. Seems like this is a non-distribution, custom built kernel?

It doesn't show up in this last message but in an earlier post I saw

> WARNING: Couldn't open directory /lib/modules/2.6.18-028stab068.9: No
> such file or directory

That tells me two things.

1) He's running an OpenVZ kernel.  That's one of their revision strings
and that's one of their releases for the RHEL distro.  Not too terribly
old but back several clicks.

2) He was, at that time, running on a kernel which had been updated
(possibly by a mainline distro kernel or possibly by a newer OpenVZ
kernel) and the running kernel had been uninstalled by yum so the
modules directory no longer existed.

Now...  That being said...  Prior to swapping all of my OpenVZ VM's (> 3
dozen) over to LXC to get back on a more current kernel with in-tree
container virtualization, I was an extensive user of OpenVZ.  Those
kernels certainly do have IPsec compiled in as modules.  I've used it.


Are you currently actively running and OpenVZ kernel on that machine?

What version are you at?  From there site, it looks like 028stab070.14
is the latest in the RHEL/CentOS stable 2.6.18 line.

What are you running (uname -a) and what do you have installed?

Did you install it from their site with yum or downloaded it or build a
custom build (which I often had done with newer releases)?  (One flaw
with their yum repo is that it doesn't properly setup the install only
and a couple of other conditions to prevent removing the running

You must have built that Openswan 2.6.31 package yourself, the latest
RHEL/CentOS 5.x Openswan is 2.6.21.  Did you merely compile it or
actually build your own rpms?

What's in your grub.conf file and are you running on the latest kernel
which was installed?

> Paul

Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20101203/e667c156/attachment.bin 

More information about the Users mailing list