[Openswan Users] Couldn't start up tunnel in openswan 2.6.43 (klips)
Feng Dai
freedai at hotmail.com
Mon May 4 15:13:33 EDT 2015
Hello there,
I have ipsec.conf used to work with 2.6.41. After I upgraded to 2.6.43, it failed to start up tunnel.
May 4 19:01:34 vpn-spoke-03 pluto[7434]: address family inconsistency in this connection=2 host=2/nexthop=0May 4 19:01:34 vpn-spoke-03 pluto[7434]: attempt to load incomplete connection
After I added left/rightnexthop, it could work. %defaultroute didn't work though. I have to put in specific IP. #rightnexthop=10.50.10.129 #leftnexthop=10.50.11.95So my question is would nexthop be required from now on? Or will it be fixed in next release and when will be the release if this is a bug?
BTW, I believe there's a bug in pfkey_v2.c. 2.6.43 compile out the creation of pk_key but it still have cleanup of pk_key. So I can see kernal panic when stopping the service.---- pfkey_init ----#if 0 /* XXX - does anyone actually use this interface at all? */#ifdef CONFIG_PROC_FS { struct proc_dir_entry* entry;
entry = create_proc_entry ("pf_key", 0, init_net.proc_net); entry->read_proc = pfkey_get_info; entry = create_proc_entry ("pf_key_supported", 0, init_net.proc_net); entry->read_proc = pfkey_supported_get_info; entry = create_proc_entry ("pf_key_registered", 0, init_net.proc_net); entry->read_proc = pfkey_registered_get_info; }#endif /* CONFIG_PROC_FS */#endif
---- pfkey_cleanup ----#ifdef CONFIG_PROC_FS remove_proc_subtree("pf_key", init_net.proc_net); remove_proc_subtree("pf_key_supported", init_net.proc_net); remove_proc_subtree("pf_key_registered", init_net.proc_net);#endif /* CONFIG_PROC_FS */
Thanks. - Feng
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20150504/bfb1a269/attachment.html>
More information about the Users
mailing list