[Openswan Users] OpenSwan on ubuntu
Hammad
raohammad at gmail.com
Sat Dec 4 08:30:05 EST 2010
Hi,
Now thats a bit disturbing... I have now CentOS but still the same
/lib/modules/.... is missing. Its a fresh installation
Mike: How did you cater this situation? Any ideas?
[root at vps ~]# service ipsec start
ipsec_setup: FATAL: Could not load
/lib/modules/2.6.18-028stab068.9/modules.dep: No such file or directory
ipsec_setup: Starting Openswan IPsec 2.6.21...
ipsec_setup: multiple ip addresses, using 127.0.0.1 on venet0
[root at vps ~]# uname -a
Linux vps.flexilogix.com 2.6.18-028stab068.9 #1 SMP Tue Mar 30 17:22:31 MSD
2010 i686 athlon i386 GNU/Linux
[root at vps ~]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.21/K(no kernel code presently loaded)
Checking for IPsec support in kernel [FAILED]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: vps.flexilogix.com [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 20.69.65.216.in-addr.arpa.
[MISSING]
Regards,
Hammad
On Sat, Dec 4, 2010 at 9:51 AM, Hammad <raohammad at gmail.com> wrote:
> Hi Paul,
> No its not a custom compiled (by me) in fact I bought VPS and this is the
> ubuntu version I got (jaunty 9.0.4).
>
> Hi Mike,
>
>
> > WARNING: Couldn't open directory /lib/modules/2.6.18-
> 028stab068.9: No
> > such file or directory
>
> I overcame this problem. I 'd 2.6.18-028stab059.6 directory in place
> but not the one mentioned in error; I created a soft-link with same name
> pointing to actual dir and installation succeeded well ;)
>
>
> So our problem is again back to original, ipsec is not supported by
> kernel...
>
>
> > Are you currently actively running and OpenVZ kernel on that machine?
>
> I suppose yes this VPS is using OpenVZ.
>
>
> > What version are you at? From there site, it looks like 028stab070.14
> > is the latest in the RHEL/CentOS stable 2.6.18 line.
>
> # uname -a
> Linux vps.flexilogix.com 2.6.18-028stab068.9 #1 SMP Tue Mar 30 17:22:31
> MSD 2010 i686 GNU/Linux
>
> > You must have built that Openswan 2.6.31 package yourself, the latest
> > RHEL/CentOS 5.x Openswan is 2.6.21. Did you merely compile it or
> actually build your own rpms?
>
> Yes, I actually compiled openswan 2,6,31 from sources
>
> I've come to know from Ubuntu Support groups that there is no ipsec package
> for ubuntu jaunty 9.0.4 and its no more updated since Oct 23 2010. So I
> suppose its the time to switch back to CentOS that is my actual
> playground...
>
> Thanks for your help all.
> Hammad ( aka Hammond :) )
>
>
> On Sat, Dec 4, 2010 at 2:32 AM, Michael H. Warfield <mhw at wittsend.com>wrote:
>
>> Paul (and Hammond),
>>
>> On Fri, 2010-12-03 at 11:49 -0500, Paul Wouters wrote:
>> > On Fri, 3 Dec 2010, Hammad wrote:
>> >
>> > > Here is the output of commands...
>> > > root at vps:/usr/local# modprobe ipsec
>> > > WARNING: Deprecated config file /etc/modprobe.conf, all config files
>> belong into /etc/modprobe.d/.
>> > > FATAL: Module ipsec not found.
>> > >
>> > > root at vps:/usr/local# modprobe af_key
>> > > WARNING: Deprecated config file /etc/modprobe.conf, all config files
>> belong into /etc/modprobe.d/.
>> > > FATAL: Module af_key not found.
>> > >
>> > > root at vps:/usr/local# ipsec --version
>> > > Linux Openswan U2.6.31/K(no kernel code presently loaded)
>> > > See `ipsec --copyright' for copyright information.
>>
>> > Your kernel has no IPsec support. Perhaps you are missing the right
>> modules directory, or support
>> > was not compiled on that kernel. Seems like this is a non-distribution,
>> custom built kernel?
>>
>> It doesn't show up in this last message but in an earlier post I saw
>> this...
>>
>> > WARNING: Couldn't open directory /lib/modules/2.6.18-028stab068.9: No
>> > such file or directory
>>
>> That tells me two things.
>>
>> 1) He's running an OpenVZ kernel. That's one of their revision strings
>> and that's one of their releases for the RHEL distro. Not too terribly
>> old but back several clicks.
>>
>> 2) He was, at that time, running on a kernel which had been updated
>> (possibly by a mainline distro kernel or possibly by a newer OpenVZ
>> kernel) and the running kernel had been uninstalled by yum so the
>> modules directory no longer existed.
>>
>> Now... That being said... Prior to swapping all of my OpenVZ VM's (> 3
>> dozen) over to LXC to get back on a more current kernel with in-tree
>> container virtualization, I was an extensive user of OpenVZ. Those
>> kernels certainly do have IPsec compiled in as modules. I've used it.
>>
>> Hammond,
>>
>> Are you currently actively running and OpenVZ kernel on that machine?
>>
>> What version are you at? From there site, it looks like 028stab070.14
>> is the latest in the RHEL/CentOS stable 2.6.18 line.
>>
>> What are you running (uname -a) and what do you have installed?
>>
>> Did you install it from their site with yum or downloaded it or build a
>> custom build (which I often had done with newer releases)? (One flaw
>> with their yum repo is that it doesn't properly setup the install only
>> and a couple of other conditions to prevent removing the running
>> kernel).
>>
>> You must have built that Openswan 2.6.31 package yourself, the latest
>> RHEL/CentOS 5.x Openswan is 2.6.21. Did you merely compile it or
>> actually build your own rpms?
>>
>> What's in your grub.conf file and are you running on the latest kernel
>> which was installed?
>>
>> > Paul
>>
>> Regards,
>> Mike
>> --
>> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
>> /\/\|=mhw=|\/\/ | (678) 463-0932 |
>> http://www.wittsend.com/mhw/
>> NIC whois: MHW9 | An optimist believes we live in the best of
>> all
>> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20101204/417c8653/attachment.html
More information about the Users
mailing list