• OpenSwan IpSec Kernel issue (?)


    Hi all,

    I have a router home based on Antergos and I was trying to install OpenSwan to set up tunneling. I have installed packages from AUR (OpenSwan is not on official for x86 platforms) and after installing, configuring and starting (systemctl start openswan) I get:

    Aug 04 09:28:16 xaffax-router ipsec_setup[14589]: Starting Openswan IPsec 2.6.41…
    Aug 04 09:28:16 xaffax-router ipsec[14581]: ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
    Aug 04 09:28:16 xaffax-router ipsec_setup[14589]: No KLIPS support found while requested, desperately falling back to netkey
    Aug 04 09:28:16 xaffax-router ipsec[14581]: ipsec_setup: Even NETKEY support is not there, aborting
    Aug 04 09:28:16 xaffax-router ipsec_setup[14589]: Even NETKEY support is not there, aborting
    Aug 04 09:28:16 xaffax-router ipsec[14650]: ipsec_setup: Stopping Openswan IPsec…
    Aug 04 09:28:16 xaffax-router ipsec_setup[14656]: Stopping Openswan IPsec…
    Aug 04 09:28:16 xaffax-router ipsec_setup[14656]: stop ordered, but IPsec appears to be already stopped!
    Aug 04 09:28:16 xaffax-router ipsec_setup[14656]: doing cleanup anyway…
    Aug 04 09:28:16 xaffax-router ipsec[14650]: ipsec_setup: stop ordered, but IPsec appears to be already stopped!
    Aug 04 09:28:16 xaffax-router ipsec[14650]: ipsec_setup: doing cleanup anyway…
    Aug 04 09:28:16 xaffax-router systemd[1]: openswan.service start request repeated too quickly, refusing to start.
    Aug 04 09:28:16 xaffax-router systemd[1]: Failed to start Openswan daemon.
    Aug 04 09:28:16 xaffax-router systemd[1]: Unit openswan.service entered failed state.

    Also when I run “ipsec verify” I get:
    Checking if IPsec got installed and started correctly:

    Version check and ipsec on-path [OK]
    Openswan U2.6.41/K(no kernel code presently loaded)
    See `ipsec --copyright’ for copyright information.
    Checking for IPsec support in kernel [FAILED]

    The ipsec service should be started before running ‘ipsec verify’

    Hardware random device check [N/A]
    Two or more interfaces found, checking IP forwarding [OK]
    Checking rp_filter [ENABLED]
    /proc/sys/net/ipv4/conf/default/rp_filter [ENABLED]
    /proc/sys/net/ipv4/conf/enp0s8/rp_filter [ENABLED]
    /proc/sys/net/ipv4/conf/enp0s9/rp_filter [ENABLED]
    /proc/sys/net/ipv4/conf/ppp0/rp_filter [ENABLED]
    Checking that pluto is running [FAILED]
    Checking NAT and MASQUERADEing [TEST INCOMPLETE]
    Checking ‘ip’ command [OK]
    Checking ‘iptables’ command [OK]

    Kernel support is failed, because openswan cannot start… And it cannot start because there is no kernel support for netkey nor klips as I understand. Anyone encountered a similar problem and can help on that? I assume it’s Antergos problem since according to arch wiki ipsec support is there and it should work just fine.

    Any help is appreciated.

    Also I am running this:
    [[email protected] ~]$ uname -a
    Linux xaffax-router 3.15.7-1-ARCH #1 SMP PREEMPT Mon Jul 28 20:06:17 CEST 2014 x86_64 GNU/Linux

    If anyone’s got a clue, please let me know. Thanks!

    Regards,
    XaFFaX

  • Hi all,

    I have a router home based on Antergos and I was trying to install OpenSwan to set up tunneling. I have installed packages from AUR (OpenSwan is not on official for x86 platforms) and after installing, configuring and starting (systemctl start openswan) I get:

    Aug 04 09:28:16 xaffax-router ipsec_setup[14589]: Starting Openswan IPsec 2.6.41…
    Aug 04 09:28:16 xaffax-router ipsec[14581]: ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
    Aug 04 09:28:16 xaffax-router ipsec_setup[14589]: No KLIPS support found while requested, desperately falling back to netkey
    Aug 04 09:28:16 xaffax-router ipsec[14581]: ipsec_setup: Even NETKEY support is not there, aborting
    Aug 04 09:28:16 xaffax-router ipsec_setup[14589]: Even NETKEY support is not there, aborting
    Aug 04 09:28:16 xaffax-router ipsec[14650]: ipsec_setup: Stopping Openswan IPsec…
    Aug 04 09:28:16 xaffax-router ipsec_setup[14656]: Stopping Openswan IPsec…
    Aug 04 09:28:16 xaffax-router ipsec_setup[14656]: stop ordered, but IPsec appears to be already stopped!
    Aug 04 09:28:16 xaffax-router ipsec_setup[14656]: doing cleanup anyway…
    Aug 04 09:28:16 xaffax-router ipsec[14650]: ipsec_setup: stop ordered, but IPsec appears to be already stopped!
    Aug 04 09:28:16 xaffax-router ipsec[14650]: ipsec_setup: doing cleanup anyway…
    Aug 04 09:28:16 xaffax-router systemd[1]: openswan.service start request repeated too quickly, refusing to start.
    Aug 04 09:28:16 xaffax-router systemd[1]: Failed to start Openswan daemon.
    Aug 04 09:28:16 xaffax-router systemd[1]: Unit openswan.service entered failed state.

    Also when I run “ipsec verify” I get:
    Checking if IPsec got installed and started correctly:

    Version check and ipsec on-path [OK]
    Openswan U2.6.41/K(no kernel code presently loaded)
    See `ipsec --copyright’ for copyright information.
    Checking for IPsec support in kernel [FAILED]

    The ipsec service should be started before running ‘ipsec verify’

    Hardware random device check [N/A]
    Two or more interfaces found, checking IP forwarding [OK]
    Checking rp_filter [ENABLED]
    /proc/sys/net/ipv4/conf/default/rp_filter [ENABLED]
    /proc/sys/net/ipv4/conf/enp0s8/rp_filter [ENABLED]
    /proc/sys/net/ipv4/conf/enp0s9/rp_filter [ENABLED]
    /proc/sys/net/ipv4/conf/ppp0/rp_filter [ENABLED]
    Checking that pluto is running [FAILED]
    Checking NAT and MASQUERADEing [TEST INCOMPLETE]
    Checking ‘ip’ command [OK]
    Checking ‘iptables’ command [OK]

    Kernel support is failed, because openswan cannot start… And it cannot start because there is no kernel support for netkey nor klips as I understand. Anyone encountered a similar problem and can help on that? I assume it’s Antergos problem since according to arch wiki ipsec support is there and it should work just fine.

    Any help is appreciated.

    Also I am running this:
    [[email protected] ~]$ uname -a
    Linux xaffax-router 3.15.7-1-ARCH #1 SMP PREEMPT Mon Jul 28 20:06:17 CEST 2014 x86_64 GNU/Linux

    If anyone’s got a clue, please let me know. Thanks!

    Regards,
    XaFFaX

  • I’m not familiar with OpenSawn or IpSec so I can’t be of much help. I just wanted to point out that the issue could not be an Antergos one as we do not modify the Arch kernel. You are using Arch, unmodified

    Did you load the kernel modules using modprobe? (Just throwing that out there, like I said I’m not familiar with this topic)

    CHEERS!

  • Thanks for the reply! I will also try on Arch forums, maybe they will help… I do not get what is wrong with that. And yes, it may be that modprobe will help, I do not know what to modprobe though

    EDIT: Ok, so I managed to resolve the problem. It turns out, that when doing an update which involves kernel being updated the system does not notify you that a restart is required. And what essentially happens is that some of the modules/libraries/whatever are “missing” (or should I rather say, system is looking for them in a wrong place) which causes such problems. It is probably not the only issue it may cause. Since it is a router I forgot about doing such an update and it caused openswan to have problems. At least I think this is the problem, all I did is restart and reinstall of openswan and it works fine. All in all - I would propose doing a restart each time an update is made, just in case such problems occur.

    Thanks,
    XaFFaX

Posts 4Views 2168
Log in to reply