[Openswan Users] OpenSwan on ubuntu

Hammad raohammad at gmail.com
Sat Dec 4 08:30:05 EST 2010


Hi,

Now thats a bit disturbing... I have now CentOS but still the same
/lib/modules/.... is missing. Its a fresh installation

Mike: How did you cater this situation? Any ideas?

[root at vps ~]# service ipsec start
ipsec_setup: FATAL: Could not load
/lib/modules/2.6.18-028stab068.9/modules.dep: No such file or directory
ipsec_setup: Starting Openswan IPsec 2.6.21...
ipsec_setup: multiple ip addresses, using  127.0.0.1 on venet0

[root at vps ~]# uname -a
Linux vps.flexilogix.com 2.6.18-028stab068.9 #1 SMP Tue Mar 30 17:22:31 MSD
2010 i686 athlon i386 GNU/Linux


[root at vps ~]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.21/K(no kernel code presently loaded)
Checking for IPsec support in kernel                            [FAILED]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: vps.flexilogix.com      [MISSING]
   Does the machine have at least one non-private address?      [OK]
   Looking for TXT in reverse dns zone: 20.69.65.216.in-addr.arpa.
[MISSING]

Regards,
Hammad

On Sat, Dec 4, 2010 at 9:51 AM, Hammad <raohammad at gmail.com> wrote:

> Hi Paul,
> No its not a custom compiled (by me) in fact I bought VPS and this is the
> ubuntu version I got (jaunty 9.0.4).
>
> Hi Mike,
>
>
> > WARNING: Couldn't open directory /lib/modules/2.6.18-
> 028stab068.9: No
> > such file or directory
>
> I overcame this problem. I 'd    2.6.18-028stab059.6   directory in place
> but not the one mentioned in error; I created a soft-link with same name
> pointing to actual dir and installation succeeded well ;)
>
>
> So our problem is again back to original, ipsec is not supported by
> kernel...
>
>
> > Are you currently actively running and OpenVZ kernel on that machine?
>
> I suppose yes this VPS is using OpenVZ.
>
>
> > What version are you at?  From there site, it looks like 028stab070.14
> > is the latest in the RHEL/CentOS stable 2.6.18 line.
>
> # uname -a
> Linux vps.flexilogix.com 2.6.18-028stab068.9 #1 SMP Tue Mar 30 17:22:31
> MSD 2010 i686 GNU/Linux
>
> > You must have built that Openswan 2.6.31 package yourself, the latest
> > RHEL/CentOS 5.x Openswan is 2.6.21.  Did you merely compile it or
> actually build your own rpms?
>
> Yes, I actually compiled openswan 2,6,31 from sources
>
> I've come to know from Ubuntu Support groups that there is no ipsec package
> for ubuntu jaunty 9.0.4 and its no more updated since Oct 23 2010. So I
> suppose its the time to switch back to CentOS that is my actual
> playground...
>
> Thanks for your help all.
> Hammad ( aka Hammond :) )
>
>
> On Sat, Dec 4, 2010 at 2:32 AM, Michael H. Warfield <mhw at wittsend.com>wrote:
>
>> Paul (and Hammond),
>>
>> On Fri, 2010-12-03 at 11:49 -0500, Paul Wouters wrote:
>> > On Fri, 3 Dec 2010, Hammad wrote:
>> >
>> > > Here is the output of commands...
>> > > root at vps:/usr/local# modprobe ipsec
>> > > WARNING: Deprecated config file /etc/modprobe.conf, all config files
>> belong into /etc/modprobe.d/.
>> > > FATAL: Module ipsec not found.
>> > >
>> > > root at vps:/usr/local# modprobe af_key
>> > > WARNING: Deprecated config file /etc/modprobe.conf, all config files
>> belong into /etc/modprobe.d/.
>> > > FATAL: Module af_key not found.
>> > >
>> > > root at vps:/usr/local# ipsec --version
>> > > Linux Openswan U2.6.31/K(no kernel code presently loaded)
>> > > See `ipsec --copyright' for copyright information.
>>
>> > Your kernel has no IPsec support. Perhaps you are missing the right
>> modules directory, or support
>> > was not compiled on that kernel. Seems like this is a non-distribution,
>> custom built kernel?
>>
>> It doesn't show up in this last message but in an earlier post I saw
>> this...
>>
>> > WARNING: Couldn't open directory /lib/modules/2.6.18-028stab068.9: No
>> > such file or directory
>>
>> That tells me two things.
>>
>> 1) He's running an OpenVZ kernel.  That's one of their revision strings
>> and that's one of their releases for the RHEL distro.  Not too terribly
>> old but back several clicks.
>>
>> 2) He was, at that time, running on a kernel which had been updated
>> (possibly by a mainline distro kernel or possibly by a newer OpenVZ
>> kernel) and the running kernel had been uninstalled by yum so the
>> modules directory no longer existed.
>>
>> Now...  That being said...  Prior to swapping all of my OpenVZ VM's (> 3
>> dozen) over to LXC to get back on a more current kernel with in-tree
>> container virtualization, I was an extensive user of OpenVZ.  Those
>> kernels certainly do have IPsec compiled in as modules.  I've used it.
>>
>> Hammond,
>>
>> Are you currently actively running and OpenVZ kernel on that machine?
>>
>> What version are you at?  From there site, it looks like 028stab070.14
>> is the latest in the RHEL/CentOS stable 2.6.18 line.
>>
>> What are you running (uname -a) and what do you have installed?
>>
>> Did you install it from their site with yum or downloaded it or build a
>> custom build (which I often had done with newer releases)?  (One flaw
>> with their yum repo is that it doesn't properly setup the install only
>> and a couple of other conditions to prevent removing the running
>> kernel).
>>
>> You must have built that Openswan 2.6.31 package yourself, the latest
>> RHEL/CentOS 5.x Openswan is 2.6.21.  Did you merely compile it or
>> actually build your own rpms?
>>
>> What's in your grub.conf file and are you running on the latest kernel
>> which was installed?
>>
>> > Paul
>>
>> Regards,
>> Mike
>> --
>> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>>   /\/\|=mhw=|\/\/          | (678) 463-0932 |
>> http://www.wittsend.com/mhw/
>>   NIC whois: MHW9          | An optimist believes we live in the best of
>> all
>>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20101204/417c8653/attachment.html 


More information about the Users mailing list