[Openswan Users] OpenSwan on ubuntu

Laurent Caron lcaron at unix-scripts.info
Sat Dec 4 09:04:48 EST 2010


Hi

Are u Sure The kernel package comes from redhat and not your virtual server hosting company?



Le 4 déc. 2010 à 14:30, Hammad <raohammad at gmail.com> a écrit :

> Hi,
> 
> Now thats a bit disturbing... I have now CentOS but still the same /lib/modules/.... is missing. Its a fresh installation
> 
> Mike: How did you cater this situation? Any ideas?
> 
> [root at vps ~]# service ipsec start
> ipsec_setup: FATAL: Could not load /lib/modules/2.6.18-028stab068.9/modules.dep: No such file or directory
> ipsec_setup: Starting Openswan IPsec 2.6.21...
> ipsec_setup: multiple ip addresses, using  127.0.0.1 on venet0
> 
> [root at vps ~]# uname -a
> Linux vps.flexilogix.com 2.6.18-028stab068.9 #1 SMP Tue Mar 30 17:22:31 MSD 2010 i686 athlon i386 GNU/Linux
> 
> 
> [root at vps ~]# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.6.21/K(no kernel code presently loaded)
> Checking for IPsec support in kernel                            [FAILED]
> Checking for RSA private key (/etc/ipsec.secrets)               [OK]
> Checking that pluto is running                                  [FAILED]
>   whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> 
> Opportunistic Encryption DNS checks:
>    Looking for TXT in forward dns zone: vps.flexilogix.com      [MISSING]
>    Does the machine have at least one non-private address?      [OK]
>    Looking for TXT in reverse dns zone: 20.69.65.216.in-addr.arpa.      [MISSING]
> 
> Regards,
> Hammad
> 
> On Sat, Dec 4, 2010 at 9:51 AM, Hammad <raohammad at gmail.com> wrote:
> Hi Paul,
> No its not a custom compiled (by me) in fact I bought VPS and this is the ubuntu version I got (jaunty 9.0.4).
> 
> Hi Mike,
> 
> 
> > WARNING: Couldn't open directory /lib/modules/2.6.18-
> 028stab068.9: No
> > such file or directory
> 
> I overcame this problem. I 'd    2.6.18-028stab059.6   directory in place but not the one mentioned in error; I created a soft-link with same name pointing to actual dir and installation succeeded well ;)
> 
> 
> So our problem is again back to original, ipsec is not supported by kernel...
> 
> 
> > Are you currently actively running and OpenVZ kernel on that machine?
> 
> I suppose yes this VPS is using OpenVZ.
> 
> 
> > What version are you at?  From there site, it looks like 028stab070.14
> > is the latest in the RHEL/CentOS stable 2.6.18 line.
> 
> # uname -a
> Linux vps.flexilogix.com 2.6.18-028stab068.9 #1 SMP Tue Mar 30 17:22:31 MSD 2010 i686 GNU/Linux
> 
> > You must have built that Openswan 2.6.31 package yourself, the latest
> > RHEL/CentOS 5.x Openswan is 2.6.21.  Did you merely compile it or actually build your own rpms?
> 
> Yes, I actually compiled openswan 2,6,31 from sources
> 
> I've come to know from Ubuntu Support groups that there is no ipsec package for ubuntu jaunty 9.0.4 and its no more updated since Oct 23 2010. So I suppose its the time to switch back to CentOS that is my actual playground... 
> 
> Thanks for your help all.
> Hammad ( aka Hammond :) )
> 
> 
> On Sat, Dec 4, 2010 at 2:32 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
> Paul (and Hammond),
> 
> On Fri, 2010-12-03 at 11:49 -0500, Paul Wouters wrote:
> > On Fri, 3 Dec 2010, Hammad wrote:
> >
> > > Here is the output of commands...
> > > root at vps:/usr/local# modprobe ipsec
> > > WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
> > > FATAL: Module ipsec not found.
> > >
> > > root at vps:/usr/local# modprobe af_key
> > > WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
> > > FATAL: Module af_key not found.
> > >
> > > root at vps:/usr/local# ipsec --version
> > > Linux Openswan U2.6.31/K(no kernel code presently loaded)
> > > See `ipsec --copyright' for copyright information.
> 
> > Your kernel has no IPsec support. Perhaps you are missing the right modules directory, or support
> > was not compiled on that kernel. Seems like this is a non-distribution, custom built kernel?
> 
> It doesn't show up in this last message but in an earlier post I saw
> this...
> 
> > WARNING: Couldn't open directory /lib/modules/2.6.18-028stab068.9: No
> > such file or directory
> 
> That tells me two things.
> 
> 1) He's running an OpenVZ kernel.  That's one of their revision strings
> and that's one of their releases for the RHEL distro.  Not too terribly
> old but back several clicks.
> 
> 2) He was, at that time, running on a kernel which had been updated
> (possibly by a mainline distro kernel or possibly by a newer OpenVZ
> kernel) and the running kernel had been uninstalled by yum so the
> modules directory no longer existed.
> 
> Now...  That being said...  Prior to swapping all of my OpenVZ VM's (> 3
> dozen) over to LXC to get back on a more current kernel with in-tree
> container virtualization, I was an extensive user of OpenVZ.  Those
> kernels certainly do have IPsec compiled in as modules.  I've used it.
> 
> Hammond,
> 
> Are you currently actively running and OpenVZ kernel on that machine?
> 
> What version are you at?  From there site, it looks like 028stab070.14
> is the latest in the RHEL/CentOS stable 2.6.18 line.
> 
> What are you running (uname -a) and what do you have installed?
> 
> Did you install it from their site with yum or downloaded it or build a
> custom build (which I often had done with newer releases)?  (One flaw
> with their yum repo is that it doesn't properly setup the install only
> and a couple of other conditions to prevent removing the running
> kernel).
> 
> You must have built that Openswan 2.6.31 package yourself, the latest
> RHEL/CentOS 5.x Openswan is 2.6.21.  Did you merely compile it or
> actually build your own rpms?
> 
> What's in your grub.conf file and are you running on the latest kernel
> which was installed?
> 
> > Paul
> 
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> 
> 
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20101204/a69f8d74/attachment-0001.html 


More information about the Users mailing list