FreeS/WAN on 7.2 with kernel 2.4.4
Hi all I've been trying to set up IPSec on two SuSE 7.2 systems with FreeS/WAN and the default 2.4.4 kernel (k_deflt-2.4.4-4GB.rpm). Setup works fine, Pluto starts up ok on "rcipsec start", both gateways establish SAs, everything looks great. Then, when I send packets across (such as using 'ping'), the receiving gateway complains that it isn't getting IPSec packets (when debug output is on). A sniffer on the same hub shows me that it is wrong. So, after trying to find an error for a while, I went and installed the 2.2.19 kernel on the machines and, lo and behold, everything works fine. BUT: I can't use the 2.2.19 kernel, since I need iptables on the box. So the question is: Has anyone else encountered and perhaps mastered this problem? To Roman, Thomas et. al.: is this a known problem and are steps against it being undertaken? Thanks for any insights. Tobias -- Tobias Reckhard secunet Security Networks AG Tel : +49(6196)95888-42 Mergenthalerallee 77 Fax : +49(6196)95888-88 D-65760 Eschborn E-Mail: reckhard@secunet.de
On Thursday, 16. August 2001 14:16, Reckhard@secunet.de wrote:
Hi all
I've been trying to set up IPSec on two SuSE 7.2 systems with FreeS/WAN and the default 2.4.4 kernel (k_deflt-2.4.4-4GB.rpm). Setup works fine, Pluto starts up ok on "rcipsec start", both gateways establish SAs, everything looks great. Then, when I send packets across (such as using 'ping'), the receiving gateway complains that it isn't getting IPSec packets (when debug output is on). A sniffer on the same hub shows me that it is wrong.
The ipsec.o module is somehow miscompiled. A new ipsec.o is available on SuSE. Does anyone know the right URL? -- CU, Christoph
On Thu, 16 Aug 2001, Christoph Egger wrote:
I've been trying to set up IPSec on two SuSE 7.2 systems with FreeS/WAN and the default 2.4.4 kernel (k_deflt-2.4.4-4GB.rpm). Setup works fine, Pluto starts up ok on "rcipsec start", both gateways establish SAs, everything looks great. Then, when I send packets across (such as using 'ping'), the receiving gateway complains that it isn't getting IPSec packets (when debug output is on). A sniffer on the same hub shows me that it is wrong.
The ipsec.o module is somehow miscompiled. A new ipsec.o is available on SuSE. Does anyone know the right URL?
Probably http://www.suse.de/~garloff/linux/FreeSWAN/ helps? best regards, Rainer Link -- Rainer Link | SuSE - The Linux Experts link@suse.de | Developer of A Mail Virus Scanner (amavis.org) www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
On Thursday, 16. August 2001 14:26, link@suse.de wrote:
On Thu, 16 Aug 2001, Christoph Egger wrote:
I've been trying to set up IPSec on two SuSE 7.2 systems with FreeS/WAN and the default 2.4.4 kernel (k_deflt-2.4.4-4GB.rpm). Setup works fine, Pluto starts up ok on "rcipsec start", both gateways establish SAs, everything looks great. Then, when I send packets across (such as using 'ping'), the receiving gateway complains that it isn't getting IPSec packets (when debug output is on). A sniffer on the same hub shows me that it is wrong.
The ipsec.o module is somehow miscompiled. A new ipsec.o is available on SuSE. Does anyone know the right URL?
Probably http://www.suse.de/~garloff/linux/FreeSWAN/ helps?
Yes, that is the right URL. I have lost it, somehow... :( I had the same problem until I updated to FreeSWAN 1.91 and using the new ipsec.o BTW: The ipsec.o for the standard 2.4.7 kernel causes an kernel oops. I haven't tested the other 2.4.7 kernels yet. The problem seems to be deferencing of a NULL-pointer. -- CU, Christoph
participants (3)
-
Christoph Egger -
Rainer Link -
Reckhard, Tobias