[Openswan Users] Error in OPENSWAN with XL2TP

Neal Murphy neal.p.murphy at alum.wpi.edu
Thu Jun 9 15:59:50 EDT 2011

On Thursday 09 June 2011 08:30:24 heta shah wrote:
> Hello Sir,
> Please help me on openswan in ubuntu.
> I have upgrade the openswan to Openswan U2.6.30 version . But in this when
> I am tring to ipsec verify its howing
> root at heta-VirtualBox:/usr/local# sbin/ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.6.30/K2.6.35-22-generic (netkey)
> Checking for IPsec support in kernel                            [OK]
> SAref kernel support                                            [N/A]
> NETKEY detected, testing for disabled ICMP send_redirects       [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
> Checking that pluto is running                                  [OK]
> Pluto listening for IKE on udp 500                              [OK]
> Pluto listening for NAT-T on udp 4500                           [OK]
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption Support                                [DISABLED]
> root at heta-VirtualBox:/usr/local#
> Mean of that ipsec is not supported to kernel so* how to compile kernel for
> IPSEC Please help me*.

It appears you *do* have IPSEC available in the kernel in the form of NETKEY. 
If you instead want KLIPS support, you'll need to "make programs; make module; 
make install minstall" (abbreviated) when building openswan. Then you'll need 
"rmmod af_key; modprobe ipsec".

More information about the Users mailing list