[Openswan Users] OpenSwan on ubuntu
Michael H. Warfield
mhw at WittsEnd.com
Sat Dec 4 10:52:43 EST 2010
On Sat, 2010-12-04 at 09:51 +0500, Hammad wrote:
> Hi Paul,
> No its not a custom compiled (by me) in fact I bought VPS and this is
> the
> ubuntu version I got (jaunty 9.0.4).
Oh, yeah, that's right... Ubuntu does ship OpenVZ kernels and vz
utilities. I had forgotten about that. There's been a big discussion
about that on the OpenVZ lists and LXC lists because OpenVZ aka Virtuoso
has fallen so far behind in the kernel revs they don't support matching
kernels in the two Ubuntu 10.xx releases. They have a semi supported
experimental branch that's at 2.6.32 and falling behind again fast. I'm
currently running Fedora 13, and Fedora 14 is already out and I'm on a
2.6.34 kernel and not up to the latest kernel.org release. :-(
> Hi Mike,
>
> > WARNING: Couldn't open directory /lib/modules/2.6.18-
> 028stab068.9: No
> > such file or directory
>
> I overcame this problem. I 'd 2.6.18-028stab059.6 directory in
> place
> but not the one mentioned in error; I created a soft-link with same
> name
> pointing to actual dir and installation succeeded well ;)
Bingo!
No, that won't work. You can not cross link those module directories.
It will find the directory but will not find any modules in it which it
can load because the symbols won't match. So, of course, you don't have
any ipsec modules that match your running kernel.
>
> So our problem is again back to original, ipsec is not supported by
> kernel...
>
> > Are you currently actively running and OpenVZ kernel on that
> machine?
>
> I suppose yes this VPS is using OpenVZ.
Time out! Terminology just hit home and laid an egg. A "VPS"? Are you
running an actual hard iron host or are you in a virtual machine (what I
generally refer to as a VM)? This is very important. If you are
running in an OpenVZ VM you are running on the kernel of the VE0
(Virtualization Engine ring 0) and not any kernel of your own. What's
more, you can not load any kernel modules, even if you had the correct
set. Also, OpenVZ does not support IPsec in a VM.
> > What version are you at? From there site, it looks like
> 028stab070.14
> > is the latest in the RHEL/CentOS stable 2.6.18 line.
> # uname -a
> Linux vps.flexilogix.com 2.6.18-028stab068.9 #1 SMP Tue Mar 30
> 17:22:31 MSD
> 2010 i686 GNU/Linux
> > You must have built that Openswan 2.6.31 package yourself, the
> latest
> > RHEL/CentOS 5.x Openswan is 2.6.21. Did you merely compile it or
> actually
> build your own rpms?
>
> Yes, I actually compiled openswan 2,6,31 from sources
>
> I've come to know from Ubuntu Support groups that there is no ipsec
> package
> for ubuntu jaunty 9.0.4 and its no more updated since Oct 23 2010. So
> I
> suppose its the time to switch back to CentOS that is my actual
> playground...
How are you switching back and forth? Tell me a little more about this
VPS. Is this a service? A virtual hosted machine? I think this is
where your trouble really lays.
> Thanks for your help all.
> Hammad ( aka Hammond :) )
Regards,
Mike
> On Sat, Dec 4, 2010 at 2:32 AM, Michael H. Warfield
> <mhw at wittsend.com>wrote:
>
> > Paul (and Hammond),
> >
> > On Fri, 2010-12-03 at 11:49 -0500, Paul Wouters wrote:
> > > On Fri, 3 Dec 2010, Hammad wrote:
> > >
> > > > Here is the output of commands...
> > > > root at vps:/usr/local# modprobe ipsec
> > > > WARNING: Deprecated config file /etc/modprobe.conf, all config
> files
> > belong into /etc/modprobe.d/.
> > > > FATAL: Module ipsec not found.
> > > >
> > > > root at vps:/usr/local# modprobe af_key
> > > > WARNING: Deprecated config file /etc/modprobe.conf, all config
> files
> > belong into /etc/modprobe.d/.
> > > > FATAL: Module af_key not found.
> > > >
> > > > root at vps:/usr/local# ipsec --version
> > > > Linux Openswan U2.6.31/K(no kernel code presently loaded)
> > > > See `ipsec --copyright' for copyright information.
> >
> > > Your kernel has no IPsec support. Perhaps you are missing the
> right
> > modules directory, or support
> > > was not compiled on that kernel. Seems like this is a
> non-distribution,
> > custom built kernel?
> >
> > It doesn't show up in this last message but in an earlier post I saw
> > this...
> >
> > > WARNING: Couldn't open directory /lib/modules/2.6.18-028stab068.9:
> No
> > > such file or directory
> >
> > That tells me two things.
> >
> > 1) He's running an OpenVZ kernel. That's one of their revision
> strings
> > and that's one of their releases for the RHEL distro. Not too
> terribly
> > old but back several clicks.
> >
> > 2) He was, at that time, running on a kernel which had been updated
> > (possibly by a mainline distro kernel or possibly by a newer OpenVZ
> > kernel) and the running kernel had been uninstalled by yum so the
> > modules directory no longer existed.
> >
> > Now... That being said... Prior to swapping all of my OpenVZ VM's
> (> 3
> > dozen) over to LXC to get back on a more current kernel with in-tree
> > container virtualization, I was an extensive user of OpenVZ. Those
> > kernels certainly do have IPsec compiled in as modules. I've used
> it.
> >
> > Hammond,
> >
> > Are you currently actively running and OpenVZ kernel on that
> machine?
> >
> > What version are you at? From there site, it looks like
> 028stab070.14
> > is the latest in the RHEL/CentOS stable 2.6.18 line.
> >
> > What are you running (uname -a) and what do you have installed?
> >
> > Did you install it from their site with yum or downloaded it or
> build a
> > custom build (which I often had done with newer releases)? (One
> flaw
> > with their yum repo is that it doesn't properly setup the install
> only
> > and a couple of other conditions to prevent removing the running
> > kernel).
> >
> > You must have built that Openswan 2.6.31 package yourself, the
> latest
> > RHEL/CentOS 5.x Openswan is 2.6.21. Did you merely compile it or
> > actually build your own rpms?
> >
> > What's in your grub.conf file and are you running on the latest
> kernel
> > which was installed?
> >
> > > Paul
> >
> > Regards,
> > Mike
> > --
> > Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> > /\/\|=mhw=|\/\/ | (678) 463-0932 |
> > http://www.wittsend.com/mhw/
> > NIC whois: MHW9 | An optimist believes we live in the
> best of
> > all
> > PGP Key: 0x674627FF | possible worlds. A pessimist is sure
> of it!
> >
>
>
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20101204/7a35e2ca/attachment.bin
More information about the Users
mailing list