Okay... I still think something is wrong. This is what
/etc/init.d/ipsec start is doing:
ipsec_setup: Starting Openswan IPsec 1.0.9...
insmod: not an ELF file
insmod: Could not load the module: Success
ipsec_setup: Using ipsec
ipsec_setup: Using /lib/modules/ipsec.o
_startklips has this line somewhere in the middle:
# load module if possible
if test ! -f $ipsecversion
then
# statically compiled KLIPS not found; try to load the module
insmod ipsec
fi
^
|
--- errors out here because /lib/modules is not in my path
and it's trying to load the ipsec executable.
Should /lib/modules be in the path (presumably the start)?
The following 'if' statement has this:
test -r /lib/modules/ipsec.o && insmod /lib/modules/ipsec.o
And this is where the module loads successfully.
The entire block of statements:
# load module if possible
if test ! -f $ipsecversion
then
# statically compiled KLIPS not found; try to load the module
insmod ipsec
fi
if test ! -f $ipsecversion
then
if test -r $modules # kernel does have modules
then
# setmodule
# unset MODPATH MODULECONF # no user overrides!
# depmod -a >/dev/null 2>&1
# modprobe -v ipsec
test -r /lib/modules/ipsec.o && insmod /lib/modules/ipsec.o
fi
if test ! -f $ipsecversion
then
echo "kernel appears to lack KLIPS"
exit 1
fi
fi
Observation: why is 'if test ! -f $ipsecversion' tested twice?
Conclusion: I have commented out 'if...insmod ipsec' and ipsec_aes.o is
now loaded/unloaded through prepluto=/postpluto= in ipsec.conf. -cpu
Erich Titl wrote:
> cpu memhd wrote:
>
>> Using buildtool to build openswan for bering-uclibc 2.3 beta (kernel
>> 2.4.29). Copy ipsec.lrp to LEAF box... everything seems normal
except
>> ipsec does not load ipsec_aes.o like it used to before.
>>
>>
> IIRC this was never loaded by the original (FreeSWan) code. It is
pretty trivial to fix though.
>
>> This becomes more of a problem when I want to:
>>
>> svi ipsec stop (or restart) because it cannot unload ipsec.o without
>> first unloading ipsec_aes.o (which must be loaded manually).
>>
>> I don't understand how this autoloading of modules works. I have
>> compiled my own kernel and perhaps I goofed somewhere, or something
>> else to tweak, or a problem with newer ipsec?
>>
>>
> No autoloading done here you can look in /lib/ipsec
>
> # grep insmod *
> _startklips: echo "insmod failed, but found matching
template module $wantgoo."
> _startklips: insmod ipsec
> _startklips: insmod ipsec_aes
> _startklips: test -r /lib/modules/ipsec.o && insmod
/lib/modules/ipsec.o
>
> styx: -root-
> # grep rmmod *
> _realsetup: rmmod ipsec_aes
> _realsetup: rmmod ipsec
>
> cheers
>
> Erich
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real
users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
>
------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>
__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
