Okay... I still think something is wrong. This is what /etc/init.d/ipsec start is doing:

    ipsec_setup: Starting Openswan IPsec 1.0.9...
    insmod: not an ELF file
    insmod: Could not load the module: Success
    ipsec_setup: Using ipsec
    ipsec_setup: Using /lib/modules/ipsec.o

_startklips has this line somewhere in the middle:

    # load module if possible
    if test ! -f $ipsecversion
    then
        # statically compiled KLIPS not found; try to load the module
        insmod ipsec
    fi
        ^
        |
        --- errors out here because /lib/modules is not in my path and
            it's trying to load the ipsec executable.

Should /lib/modules be in the path (presumably the start)?

The following 'if' statement has this:

    test -r /lib/modules/ipsec.o && insmod /lib/modules/ipsec.o

And this is where the module loads successfully.

The entire block of statements:

    # load module if possible
    if test ! -f $ipsecversion
    then
        # statically compiled KLIPS not found; try to load the module
        insmod ipsec
    fi
    if test ! -f $ipsecversion
    then
        if test -r $modules    # kernel does have modules
        then
            # setmodule
            # unset MODPATH MODULECONF    # no user overrides!
            # depmod -a >/dev/null 2>&1
            # modprobe -v ipsec
            test -r /lib/modules/ipsec.o && insmod /lib/modules/ipsec.o
        fi
        if test ! -f $ipsecversion
        then
            echo "kernel appears to lack KLIPS"
            exit 1
        fi
    fi

Observation: why is 'if test ! -f $ipsecversion' tested twice?

Conclusion: I have commented out 'if...insmod ipsec' and ipsec_aes.o is now loaded/unloaded through prepluto=/postpluto= in ipsec.conf.

-cpu

Erich Titl wrote:
> cpu memhd wrote:
>
>> Using buildtool to build openswan for bering-uclibc 2.3 beta (kernel
>> 2.4.29). Copy ipsec.lrp to LEAF box... everything seems normal except
>> ipsec does not load ipsec_aes.o like it used to before.
>>
> IIRC this was never loaded by the original (FreeSWan) code. It is pretty trivial to fix though.
>
>> This becomes more of a problem when I want to:
>>
>> svi ipsec stop (or restart) because it cannot unload ipsec.o without
>> first unloading ipsec_aes.o (which must be loaded manually).
>>
>> I don't understand how this autoloading of modules works. I have
>> compiled my own kernel and perhaps I goofed somewhere, or something
>> else to tweak, or a problem with newer ipsec?
>>
> No autoloading done here you can look in /lib/ipsec
>
> # grep insmod *
> _startklips: echo "insmod failed, but found matching template module $wantgoo."
> _startklips: insmod ipsec
> _startklips: insmod ipsec_aes
> _startklips: test -r /lib/modules/ipsec.o && insmod /lib/modules/ipsec.o
>
> styx: -root-
> # grep rmmod *
> _realsetup: rmmod ipsec_aes
> _realsetup: rmmod ipsec
>
> cheers
>
> Erich
>
> ------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
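
The failure discussed in this thread (a bare `insmod ipsec` picking up a file that is not a kernel module and reporting "not an ELF file") can be avoided by loading the module by absolute path and checking the ELF magic before calling insmod. The following is an added example, not code from the original messages or from Openswan; the function names and the `MODDIR`, `INSMOD` and `RMMOD` overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names and overrides are hypothetical, not Openswan's.

MODDIR=${MODDIR:-/lib/modules}   # directory that holds ipsec.o in the thread
INSMOD=${INSMOD:-insmod}         # overridable so the logic can be dry-run
RMMOD=${RMMOD:-rmmod}

# is_elf FILE: true when FILE starts with the ELF magic 0x7f 'E' 'L' 'F'.
is_elf() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    magic=$(dd if="$1" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# load_module NAME: insmod MODDIR/NAME.o by absolute path, never by bare name,
# so a script or wrapper that happens to be called NAME is never handed to insmod.
# Returns 0 loaded, 2 file missing, 3 not an ELF object, 1 insmod failed.
load_module() {
    modfile="$MODDIR/$1.o"
    [ -r "$modfile" ] || return 2
    is_elf "$modfile" || return 3
    "$INSMOD" "$modfile" || return 1
}

# start_klips: ipsec.o is required, ipsec_aes.o is treated as optional.
start_klips() {
    load_module ipsec || { echo "kernel appears to lack KLIPS" >&2; return 1; }
    load_module ipsec_aes || echo "ipsec_aes not loaded" >&2
    return 0
}

# stop_klips: reverse order, since ipsec.o cannot be unloaded before ipsec_aes.
stop_klips() {
    "$RMMOD" ipsec_aes 2>/dev/null
    "$RMMOD" ipsec
}
```

Setting `INSMOD=echo` and `RMMOD=echo` prints the commands that would run without touching the kernel.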