Openswan 2.x IPsec from scratch
Continues from http://supportforum.sun.com/sjds/index.php?t=msg&goto=6530
mrmdls wrote on Sat, 04 December 2004 16:21:
> Terje,
> Well, I finally got around to building openswan-2.2.0 rpm, I also had to build gmp-4.1.3, which I posted as well.
> Dave S.
Dave,
Thank you a lot. I myself have to really start from scratch reading docs, asking control questions, installing and testing the Openswan package on JDS. And I hope together with other interested users on this forum, we will be able to find out how to get it to work.
After download I see the Openswan 2.2 rpm for JDS is 2.97 Mb, while the rpm for Suse9 is 1.039 Mb. I wonder if this is due to differences in the software like KLIPS "kernel 2.4 IPsec support" vs "26sec" included in the 2.6 kernel or from other reasons?
Installation:
# rpm -Uvh gmp-4.1.3-3jds.i386.rpm
( -ivh caused conflicts with files from gmp-4.0-209)
# rpm -ivh openswan-2.2.0-8.jds.i386.rpm
Starting Openswan and testing the installation according to
http://wiki.openswan.org/index.php/Installing
"Bring Openswan up with" does not work:
# service ipsec start
bash: service: command not found
"This is not necessary if you've rebooted, as Openswan is added to runlevel 3 init scripts."
I didn't find this mentioned startup script on the JDS, but I found it on Suse9.1:
/etc/init.d/rc3.d/S03ipsec
However, I found another shell script on JDS that I tried to start Openswan with, but which results in some error messages as follows:
# /etc/init.d/ipsec start
ipsec_setup: Starting Openswan IPsec 2.2.0...
ipsec_setup: /usr/lib/ipsec/eroute: pfkey write failed, returning -1 with errno=22.
ipsec_setup: Invalid argument, check kernel log messages for specifics.
ipsec_setup: WARNING: changing route filtering on eth0 (changing /proc/sys/net/ipv4/conf/eth0/rp_filter from 1 to 0)
# /etc/init.d/ipsec start
ipsec_setup: Openswan IPsec apparently already running, start aborted
Test your install
To check that you have a successful install, run:
# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path[OK]
Linux Openswan U2.2.0/K1.98b (klips)
Checking for IPsec support in kernel[OK]
Checking for RSA private key (/etc/ipsec.secrets)[OK]
Checking that pluto is running[OK]
Two or more interfaces found, checking IP forwarding[FAILED]
Checking for 'ip' command[OK]
Checking for 'iptables' command[OK]
Checking for 'curl' command for CRL fetching[OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: dhcppc2 [MISSING]
Does the machine have at least one non-private address? [FAILED]
I stop here to get some feedback on these Installing attempts, before I continue with the wiki's Configuring.
Terje
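
Added example (not part of the original post): a POSIX shell script that lists the checks `ipsec verify` did not mark [OK] and prints the two kernel settings the output above touches, IP forwarding and rp_filter. The function names and the proc-root argument are assumptions of this example; the sample lines are copied from the output in the post.

```shell
#!/bin/sh
# Added example, not from the original post.

# Sample input: lines copied from the `ipsec verify` output in the post.
sample_output() {
    cat <<'EOF'
Checking that pluto is running[OK]
Two or more interfaces found, checking IP forwarding[FAILED]
Checking for 'ip' command[OK]
Looking for TXT in forward dns zone: dhcppc2 [MISSING]
Does the machine have at least one non-private address? [FAILED]
EOF
}

# Read `ipsec verify` output on stdin; print "STATUS<TAB>check" for each
# check ending in [FAILED] or [MISSING], with or without a space before it.
verify_problems() {
    awk '
        match($0, /\[(FAILED|MISSING)\][ \t]*$/) {
            status = substr($0, RSTART + 1)
            sub(/\].*$/, "", status)
            name = substr($0, 1, RSTART - 1)
            sub(/[ \t]+$/, "", name)
            printf "%s\t%s\n", status, name
        }'
}

# Print ip_forward and each interface's rp_filter under a proc root.
# The root argument (default /proc) is an assumption of this example so the
# function can be pointed at a copy of the tree.
kernel_settings() {
    v4=${1:-/proc}/sys/net/ipv4
    if [ -r "$v4/ip_forward" ]; then
        echo "ip_forward=$(cat "$v4/ip_forward")"
    fi
    for f in "$v4"/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=${f%/rp_filter}
        echo "rp_filter.${iface##*/}=$(cat "$f")"
    done
}

sample_output | verify_problems
kernel_settings
```

On a live system, pipe the real output in with `ipsec verify | verify_problems`.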

