[Openswan Users] kernel 2.6.23 + saref + centos 5
Paul Wouters
paul at xelerance.com
Sun Jan 17 17:47:17 EST 2010
On Sun, 17 Jan 2010, Ronald wrote:
> After asking a week ago, about multiple connection on l2tpd behind the
> nat, now i have a chance to test the saref patch against 2.6.23 kernel,
> today i made a self build 2.6.23 kernel with saref patch and build
> openswan with
The patch for 2.6.23 was not complete. I updated the patch in git and
on ftp://ftp.openswan.org/openswan/development/
(note the previous patch contained klips and natt stuff too. this one just
has the saref parts)
> Jan 18 05:29:37 sti-fw2 ipsec__plutorun: 003 ERROR: PF_KEY
> K_SADB_X_PLUMBIF response for configure_mast_device included errno 2: No
> such file or directory
That is because of the incomplete patch.
> I double/trippled check if i patch my self build kernel with saref patch,
> but still i end up with these error. is there anyway i can determine if
> saref was really install on my system?
The easiest way to see it is to started xl2tpd with "ipsec saref = yes"
in the [global] section. On startup (even with no ipsec tunnels at all)
you should see:
Enabling IPsec SAref processing for L2TP transport mode SAs
Though openswan will throw you the errors you saw when something is wrong
with SAref tracking when using protostack=mast as well.
> Do i need to enable something on make menuconfig to enable saref feature?
No. There is no config option for it. Note that with openswan, you must
use protostack=mast and have overlapip=yes in your l2tp conn section.
Paul
More information about the Users
mailing list