[Openswan Users] Error "No such device"

Алексей Иванов lexxthefox at gmail.com
Thu Apr 7 11:18:24 EDT 2011 

Hello.

I am trying to establish four IPSEC connections between computer running
Debian Stable 6.0 'squeeze' and four remote 3G routers.

Short description of the routers can be found below this link:
http://www.euromobile.ru/en/proizvoditeli/novacom/3g-router-gns-ur4i-vpn.htm

These are AMRISC 20000 devices with linux. AFAIR their kernel is 2.4, and I
am definitely sure it uses KLIPS and Pluto.

Linux box is running Debian Stable 6.0 'squeeze' with latest security
updates, kernel 2.6.32-5-686, KLIPS module from package
'openswan-modules-dkms' and Openswan 2.6.28 (klips).

I have managed to pick right configuration options to make these devices
connect to my linux box. SAs get established successfully, but on linux box
i get this errors in syslog.conf:

Apr  7 15:03:45 internet ipsec_setup: Starting Openswan IPsec 2.6.28...
Apr  7 15:03:45 internet ipsec_setup: Using KLIPS/legacy stack
Apr  7 15:03:45 internet kernel: [  933.702700] padlock: VIA PadLock not
detected.
Apr  7 15:03:45 internet kernel: [  933.713040] padlock: VIA PadLock Hash
Engine not detected.
Apr  7 15:03:45 internet kernel: [  933.729266] padlock: VIA PadLock not
detected.
Apr  7 15:03:45 internet ipsec_setup: KLIPS debug `none'
Apr  7 15:03:45 internet kernel: [  933.809834]
Apr  7 15:03:45 internet ipsec_setup: KLIPS ipsec0 on ppp0
172.16.224.1/255.255.255.255 pointopoint 10.64.64.64
Apr  7 15:03:45 internet ipsec_setup: KLIPS ipsec1 on ppp0
172.16.224.1/255.255.255.255 pointopoint 10.64.64.64
Apr  7 15:03:45 internet ipsec_setup: KLIPS ipsec2 on ppp0
172.16.224.1/255.255.255.255 pointopoint 10.64.64.64
Apr  7 15:03:45 internet ipsec_setup: /usr/lib/ipsec/tncfg: Socket ioctl
failed on attach -- No such device.  Is the virtual device valid?  Is the
ipsec module linked into the kernel or loaded as a module?
Apr  7 15:03:46 internet ipsec_setup: SIOCSIFADDR: No such device
Apr  7 15:03:46 internet ipsec_setup: ipsec2: ERROR while getting interface
flags: No such device
Apr  7 15:03:46 internet ipsec_setup: SIOCSIFDSTADDR: No such device
Apr  7 15:03:46 internet ipsec_setup: ipsec2: ERROR while getting interface
flags: No such device
Apr  7 15:03:46 internet ipsec_setup: SIOCSIFNETMASK: No such device
Apr  7 15:03:46 internet ipsec_setup: KLIPS ipsec3 on ppp0
172.16.224.1/255.255.255.255 pointopoint 10.64.64.64
Apr  7 15:03:46 internet ipsec_setup: /usr/lib/ipsec/tncfg: Socket ioctl
failed on attach -- No such device.  Is the virtual device valid?  Is the
ipsec module linked into the kernel or loaded as a module?
Apr  7 15:03:46 internet ipsec_setup: SIOCSIFADDR: No such device
Apr  7 15:03:46 internet ipsec_setup: ipsec3: ERROR while getting interface
flags: No such device
Apr  7 15:03:46 internet ipsec_setup: SIOCSIFDSTADDR: No such device
Apr  7 15:03:46 internet ipsec_setup: ipsec3: ERROR while getting interface
flags: No such device
Apr  7 15:03:46 internet ipsec_setup: SIOCSIFNETMASK: No such device
Apr  7 15:03:46 internet ipsec_setup: ...Openswan IPsec started
Apr  7 15:03:46 internet ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr  7 15:03:46 internet pluto: adjusting ipsec.d to /etc/ipsec.d
Apr  7 15:03:46 internet ipsec__plutorun: 002 added connection description
"UPPNG"
Apr  7 15:03:46 internet ipsec__plutorun: 002 added connection description
"PPPON"
Apr  7 15:03:46 internet ipsec__plutorun: 002 added connection description
"BPO"
Apr  7 15:03:46 internet ipsec__plutorun: 002 added connection description
"UPN230"
Apr  7 15:03:46 internet ipsec__plutorun: 003 NAT-Traversal: Trying new
style NAT-T
Apr  7 15:03:46 internet ipsec__plutorun: 104 "UPPNG" #1: STATE_MAIN_I1:
initiate
Apr  7 15:03:46 internet ipsec__plutorun: 104 "PPPON" #2: STATE_MAIN_I1:
initiate
Apr  7 15:03:46 internet ipsec__plutorun: 104 "BPO" #3: STATE_MAIN_I1:
initiate
Apr  7 15:03:46 internet ipsec__plutorun: 104 "UPN230" #4: STATE_MAIN_I1:
initiate

I have found discussion on similar problem here: http://tinyurl.com/3u7o5gd

On that discussion an assumption was stated: 'perhaps this is an
interfaces="ipsec0=ppp0" and the ppp0 interface is currently not present?'
I have double-checked presence of ppp0 interface - it is up and running. I
start it manually and check it by reviewing WEB interfaces of remote devices
just before starting /etc/init.d/ipsec. So it is not an issue.

I have also checked version of openswan userland. Just in case.
ipsec --version says:
'Linux Openswan 2.6.28 (klips)
See `ipsec --copyright' for copyright information.'
Seems to fit well.

Well in fact the east and west sides get connected. SAs get associated
properly.

ipsec auto --satatus says

'000 #5: "BPO":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 27886s; newest IPSEC; eroute owner; isakmp#3; idle;
import:admin initiate
000 #5: "BPO" esp.18b3bf6 at 172.16.224.4 esp.b646d75a at 172.16.224.1
tun.1001 at 172.16.224.4 tun.1002 at 172.16.224.1 ref=15 refhim=13
000 #3: "BPO":500 STATE_MAIN_I4 (ISAKMP SA established); '

on each connection.

But /usr/lib/ipsec/tncfg is complaining and no packets get to destination
behind IPSEC tunnels.

ip xfrm show
shows nothing.

I am new to IPSEC so my explanations are probably awful. Maybe ipsec barf
would explain the symptoms better. It is here:
http://pastebin.com/6yLYnr2n
You may notice that one of four SAs is not associated. One of remote devices
is down, so it's OK.

I was unable to google any clues on this case. Help would be much
appreciated. Thank you in advance.

WBR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110407/d8fa2bfc/attachment.html

More information about the Users mailing list