Hello Cpu,
A pity 2.4.4 is not working ok for you. You are the first reporting a
problem with it.
I looked through various documents and it seems like all those ciphers are
supported but probably internal.
Does the _startklips fix still suports plain ethx interfaces?
Eric
> Hi Eric,
>
>
> I'm not using openswan 2.4.4, I'm using 1.0.9. But I did look at the
> newer
>
> _startklips and the line is the same. To me, this suggests it's making
> the
>
> same assumptions about the interface. My guess is that it will work.
>
> original 2.4.4 /usr/lib/ipsec/_startklips:
>
>
> eval `ip addr show $phys primary | grep inet | sed -n 1p |
>
> original 1.0.9 /lib/ipsec/_startklips:
>
>
> eval `ip addr show $phys primary | grep inet | sed -n 1p |
>
> -cpu
>
>
> Eric Spakman wrote:
>
>> Hello Cpu,
>>
>>
>> Does the same fix applies to our current openswan-2.4.4?
>>
>>
>> Eric
>>
>>
>>> Hello,
>>>
>>>
>>>
>>> In addition to specifying a label I couldn't get openswan to work
>>> with secondary IPs unless I changed this line in _startklips:
>>>
>>> eval `ip addr show $phys primary | grep inet | sed -n 1p |
>>>
>>> to:
>>>
>>>
>>>
>>> eval `ip addr show ${phys%%:*} label $phys | grep inet | sed -n 1p
>>>
>>> -cpu
>>>
>>>
>>>
>>> Charles Steinkuehler wrote:
>>>
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>>
>>>>
>>>> Sandro Doro wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>>
>>>>> I am testing Bering 2.3.1 with a multiple IP interface as:
>>>>>
>>>>>
>>>>>
>>>>> # ip addr show eth0
>>>>> 5: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc
>>>>> pfifo_fast
>>>>>
>>> qlen
>>>>> 1000
>>>>> link/ether fe:fd:58:24:f8:e6 brd ff:ff:ff:ff:ff:ff inet
>>>>> 82.46.148.130/24 brd 82.46.148.255 scope global eth0
>>>>> inet 82.46.148.128/24 scope global secondary eth0 inet6
>>>>> fe80::fcfd:58ff:fe24:f8e6/64 scope link
>>>>>
>>>>>
>>>>>
>>>>> Using the included ipsec.lrp (v.1.0.9) I setup VPN with:
>>>>>
>>>>>
>>>>>
>>>>> # /etc/ipsec.conf
>>>>> [...]
>>>>> interfaces="ipsec0=eth0 ipsec1=eth0:0" [...]
>>>>>
>>>>>
>>>>> After "/etc/init.d/ipsec restart" the following messages is
>>>>> printed:
>>>>>
>>>>>
>>>>>
>>>>> Device "eth0:0" does not exist.
>>>>> ipsec_setup: unable to determine address of `eth0:0'
>>>>>
>>>>>
>>>>>
>>>>> This messages is printed also if I change the ip address with the
>>>>> following command:
>>>>>
>>>>> ip addr add 82.46.148.128/24 dev eth0 label eth0:0
>>>>>
>>>>> I have read in
>>>>>
>>>>>
>>>>>
>>>>> http://www.freeswan.ca/docs/HA/HA_VPNS_With_FreeSWAN.html
>>>>>
>>>>>
>>>>>
>>>>> that this interface specification is correct. This is possible
>>>>> only
> in
>>>>> v2 release (Bering v2.4) ?
>>>>>
>>>>> Thank you for any suggestions.
>>>>>
>>>>>
>>>> I haven't tried this with FreeS/WAN, but I suspect your problem is
>>>> you don't have an eth0:0.
>>>>
>>>> You *DO* have a secondary IP address on your external interface,
>>>> but
> it
>>>> has no "name" (linux hasn't required the eth<n>:<m> syntax since at
>>>> least 2.2).
>>>>
>>>> Try removing the secondary IP, re-adding it with an appropriate
>>>> label then starting freeswan:
>>>>
>>>> ip addr del 82.46.148.128/24 dev eth0 ip addr add 82.46.148.128/24
> label
>>>> eth0:0 dev eth0
>>>> svi ipsec start
>>>>
>>>> ...if that works, you'll need to change how you're adding the IP
>>>> alias in your startup scripts.
>>>>
>>>> - --
>>>> Charles Steinkuehler
>>>> [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG
>>>> v1.4.0 (MingW32) Comment: Using GnuPG with Mozilla -
>>>> http://enigmail.mozdev.org
>>>>
>>>>
>>>>
>>>> iD8DBQFD7LMYLywbqEHdNFwRAugOAJ9ySUIKShtjxak6/YBdOhXEvwNIMwCeLvg3
>>>> rd55FxcC8wzl6N+/BWa4368= =3irC -----END PGP SIGNATURE-----
>>>>
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------
>>>> This SF.net email is sponsored by: Splunk Inc. Do you grep through
>>>> log
>>>>
>>> files
>>>> for problems? Stop! Download the new AJAX search engine that
>>>> makes searching your log files as easy as surfing the web.
>>>> DOWNLOAD
>>>>
> SPLUNK!
>
>>>>
>>>>
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=12164
>
>>>> 2
>>>>
>>>>
> ------------------------------------------------------------------------
>
>>>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>> Support Request -- http://leaf-project.org/
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> __________________________________________________
>>> Do You Yahoo!?
>>> Tired of spam? Yahoo! Mail has the best spam protection around
>>> http://mail.yahoo.com
>>>
>>>
>>>
>>>
>>> -------------------------------------------------------
>>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>>> files for problems? Stop! Download the new AJAX search engine that
>>>
> makes
>>> searching your log files as easy as surfing the web. DOWNLOAD
> SPLUNK!
>
>>>
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
>
>>>
> ------------------------------------------------------------------------
>
>>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>>> Support Request -- http://leaf-project.org/
>>>
>>>
>>>
>>
>>
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>>
> files
>> for problems? Stop! Download the new AJAX search engine that makes
>> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
>>
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=12164
>> 2
>> ------------------------------------------------------------------------
>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request -- http://leaf-project.org/
>>
>>
>>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
>
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
