Roman Drahtmueller wrote:
Roman,
I saw the new freeswan package this morning and tried to reinstall the k_deflt-2.4.19-329 package as well as the freeswan-1.98_0.9.14-238.i586.patch.rpm package. These two packages still wont play together though, maybe I misunderstood you and you're saying that I need to wait for a kernel update as well. Anyway, the error messages are:
Jul 28 06:19:33 <hostname> kernel: ipsec4_rcv: no policy for packet Jul 28 06:19:38 <hostname> kernel: NET: 9 messages suppressed. Jul 28 06:19:38 <hostname> kernel: ipsec4_rcv: no policy for packet Jul 28 06:19:43 <hostname> kernel: NET: 9 messages suppressed.
This is strange. It worked well in all of our tests, and I've just tried it out on my machine at home. The originally installed RPM from the CD plus the patch RPM make the new RPM, bitwise. My tunnels work correctly.
Now, please make sure that you
* Only have one package called k_deflt and freeswan installed * that `rpm -q freeswan` tells you "freeswan-1.98_0.9.14-238". * that you executed mk_initrd and lilo (just in case...) before you have actually rebooted (must be).
Roman, So I tried to install the new packages once more, so here goes (from a working 8.1 system): <hostname>:~ # fou4s -in ftp.sunet.se: Checking [#################################] 100 % New freeswan 1.98_0.9.14-238 (old 1.98_0.9.14-72) [recommended, 595kB] [ok] Installing freeswan-1.98_0.9.14-238.i586.patch.rpm New k_deflt 2.4.19-329 (old 2.4.19-110) [security, 19351kB] [ok] Installing k_deflt-2.4.19-329.i586.patch.rpm Starting SuSEconfig, the SuSE Configuration Tool... Running in full featured mode. Reading /etc/sysconfig and updating the system... Executing /sbin/conf.d/SuSEconfig.aaa_at_first... Executing /sbin/conf.d/SuSEconfig.alljava... Executing /sbin/conf.d/SuSEconfig.doublecheck... Executing /sbin/conf.d/SuSEconfig.fonts... Executing /sbin/conf.d/SuSEconfig.groff... Executing /sbin/conf.d/SuSEconfig.hostname... Executing /sbin/conf.d/SuSEconfig.libxml2... Executing /sbin/conf.d/SuSEconfig.man_info... Executing /sbin/conf.d/SuSEconfig.news... Executing /sbin/conf.d/SuSEconfig.perl... Executing /sbin/conf.d/SuSEconfig.permissions... Executing /sbin/conf.d/SuSEconfig.profiles... Executing /sbin/conf.d/SuSEconfig.sendmail... Executing /sbin/conf.d/SuSEconfig.sortpasswd... Finished. WARNING ======= The following processes are accessing deleted files: PID COMMAND 18211 pluto Please restart these processes to finish the update. You can check for used files using the command fou4s --checkdeleted (can be abbreviated with --checkd) or using the command lsof -n | grep RPMDELETE <hostname>:~ # mk_initrd using "/dev/hda3" as root device (mounted on "/" as "reiserfs") creating initrd "/boot/initrd" for kernel "/boot/vmlinuz" (version 2.4.19-4GB) - insmod reiserfs (kernel/fs/reiserfs/reiserfs.o) creating initrd "/boot/initrd.shipped" for kernel "/boot/vmlinuz.shipped" (version 2.4.19-4GB) - insmod reiserfs (kernel/fs/reiserfs/reiserfs.o) Note that I use grub (the default for 8.1 as far as I know), this is the first time a use grub but from reading the docs I can't see any reason why I would have to rerun anythin. Please correct me if I'm wrong here ! *reboot* After the reboot, no go, same stuff: Jul 28 11:52:02 <hostname> kernel: ipsec0: no IPv6 routers present Jul 28 11:52:02 <hostname> kernel: ipsec4_rcv: no policy for packet Jul 28 11:52:02 <hostname> kernel: ipsec4_rcv: incoming packet failed policy check; dropped Jul 28 11:52:03 <hostname> kernel: ipsec4_rcv: no policy for packet Jul 28 11:52:07 <hostname> kernel: NET: 7 messages suppressed. Jul 28 11:52:07 <hostname> kernel: ipsec4_rcv: no policy for packet Jul 28 11:52:12 <hostname> kernel: NET: 9 messages suppressed. /root# rpm -qa | grep k_deflt k_deflt-2.4.19-329 /root# rpm -qa | grep freeswan freeswan-1.98_0.9.14-238 /root# rpm -qf /lib/modules/2.4.19-4GB/kernel/net/ipv4/ipsec/ipsec.o k_deflt-2.4.19-329 Go bak to the old kernel, I assume this is safe ??? root# rpm -U --force k_deflt-2.4.19-110.i586.rpm Please do not forget to run 'mk_initrd' after updating the kernel. /root# mk_initrd using "/dev/hda3" as root device (mounted on "/" as "reiserfs") creating initrd "/boot/initrd" for kernel "/boot/vmlinuz" (version 2.4.19-4GB) - insmod reiserfs (kernel/fs/reiserfs/reiserfs.o) creating initrd "/boot/initrd.shipped" for kernel "/boot/vmlinuz.shipped" (version 2.4.19-4GB) - insmod reiserfs (kernel/fs/reiserfs/reiserfs.o) /root# rpm -U --force freeswan-1.98_0.9.14-72.i586.rpm warning: /etc/ipsec.conf created as /etc/ipsec.conf.rpmnew Leave old IPsec RSA signature key untouched. /root# reboot After reboot all is fine again (using the old rpms). -- Daniel Nilsson Principal Consultant Signal Integrity Software Inc. 6 Clock Tower Place, Suite 250 Maynard, MA 01754 Phone: (978) 461-0449, ext 12 Cell: (508) 783-1379 http://www.sisoft.com