[Openswan Users] Couldn't start up tunnel in openswan 2.6.43 (klips)

Feng Dai freedai at hotmail.com
Mon May 4 15:13:33 EDT 2015

Hello there,
I have ipsec.conf used to work with 2.6.41. After I upgraded to 2.6.43, it failed to start up tunnel. 
May  4 19:01:34 vpn-spoke-03 pluto[7434]: address family inconsistency in this connection=2 host=2/nexthop=0May  4 19:01:34 vpn-spoke-03 pluto[7434]: attempt to load incomplete connection
After I added left/rightnexthop, it could work. %defaultroute didn't work though. I have to put in specific IP.     #rightnexthop=    #leftnexthop= my question is would nexthop be required from now on? Or will it be fixed in next release and when will be the release if this is a bug?
BTW, I believe there's a bug in pfkey_v2.c. 2.6.43 compile out the creation of pk_key but it still have cleanup of pk_key. So I can see kernal panic when stopping the service.---- pfkey_init ----#if 0        /* XXX - does anyone actually use this interface at all? */#ifdef CONFIG_PROC_FS        {                struct proc_dir_entry* entry;
                entry = create_proc_entry ("pf_key", 0, init_net.proc_net);                entry->read_proc = pfkey_get_info;                entry = create_proc_entry ("pf_key_supported", 0, init_net.proc_net);                entry->read_proc = pfkey_supported_get_info;                entry = create_proc_entry ("pf_key_registered", 0, init_net.proc_net);                entry->read_proc = pfkey_registered_get_info;        }#endif /* CONFIG_PROC_FS */#endif
---- pfkey_cleanup ----#ifdef CONFIG_PROC_FS        remove_proc_subtree("pf_key",            init_net.proc_net);        remove_proc_subtree("pf_key_supported",  init_net.proc_net);        remove_proc_subtree("pf_key_registered", init_net.proc_net);#endif /* CONFIG_PROC_FS */
Thanks. - Feng 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20150504/bfb1a269/attachment.html>

More information about the Users mailing list