[Openswan Users] Centos 5.4 and Openswan with klips

Rick Cooper rcooper at dwford.com
Thu Mar 4 15:49:01 EST 2010


I was wondering if there is an openswan build (with klips don't need nat-t)
that works reliably with centos 5.4 kernel
2.6.18-164.11.1.el5.centos.plus-PAE-i686?
 
Building openswan-2.6.24 (make KERNELSRC=/usr/src/linux-2.6 module programs)
results in:
	openswan-2.6.24/modobj26/ipsec_tunnel.c:1319: warning: passing
argument 3 of 'prv->header_cache_update' discards qualifiers from pointer
target type

Building the latest development version from git sources (before yesterday)
results in kernel panic at shutdown/restart
Building the latest development version from git source (as of today)
results in:

kernel: klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack
version: 2.6.master-201009.git-g85457ef1
kernel: registered KLIPS /proc/sys/net<6>klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
kernel: klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
kernel: ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
kernel: klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok]
(auth_id=0)
kernel: ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
pluto: adjusting ipsec.d to /etc/ipsec.d

In the log (on the screen I only see down to ipsec_3des_init(alg_type=15
alg_id=3 name=3des): ret=0) and it just hangs
There doing nothing, won't boot any farther and when started from console
instead of boot just sets and does nothing at all. If I change protostack to
auto it will start, supposedly successfully but no tunnels (do have ipsec0
though) and eroute shows nothing at all, no trap, hold, just nothing. And if
I boot with protostack=auto I get a kernel panic at boot again.

I can build without klips but without klips I would rather run openvpn, at
least I can dump tunx traffic easily, I just *hate* netkey's lack of pseudo
interfaces.



Rick Cooper




--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the Users mailing list