Find the answer to your Linux question:
Results 1 to 3 of 3
hi I could not stop ipsec on debian sarge stable: if I start with: Code: # /etc/init.d/ipsec start ipsec_setup: Starting FreeS/WAN IPsec 2.04... ipsec_setup: insmod: ipsec: no module by that ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    cc
    cc is offline
    Linux Newbie
    Join Date
    Jun 2004
    Posts
    120

    could not stop ipsec anymore


    hi

    I could not stop ipsec on debian sarge stable:

    if I start with:
    Code:
    # /etc/init.d/ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 2.04...
    ipsec_setup: insmod: ipsec: no module by that name found
    ipsec_setup: /sbin/insmod /lib/modules/2.4.27-2-386/kernel/net/key/af_key.o
    ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/key/af_key.o
    ipsec_setup: Symbol version prefix ''
    ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/ipv4/ah4.o
    ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/ipv4/ah4.o
    ipsec_setup: Symbol version prefix ''
    ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/ipv4/esp4.o
    ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/ipv4/esp4.o
    ipsec_setup: Symbol version prefix ''
    ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/ipv4/ipcomp.o
    ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/ipv4/ipcomp.o
    ipsec_setup: Symbol version prefix ''
    ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/xfrm/xfrm_user.o
    ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/xfrm/xfrm_user.o
    ipsec_setup: Symbol version prefix ''
    ipsec_setup: WARNING: setkey not found.
    could not stop anymore:
    Code:
    # /etc/init.d/ipsec stop
    ipsec_setup: Stopping FreeS/WAN IPsec...
    ipsec_setup: Attempt to shut Pluto down failed! Trying kill:
    ipsec_setup: /usr/lib/ipsec/_realsetup: line 1: kill: (2192) - Kein passender Prozess gefunden
    ipsec is still running !
    even if I try to kill the process, it starts again


    my config file:
    Code:
    # cat /etc/ipsec.conf
    
    # basic configuration
    config setup
    interfaces=%defaultroute
    #interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    #plutoload=%search
    #plutostart=%search
    
    uniqueids=yes
    forwardcontrol=yes
    #Enable NAT-Traversal
    #nat_traversal=yes
    
    
    # defaults for subsequent connection descriptions
    # (these defaults will soon go away)
    conn %default
    keyingtries=0
    disablearrivalcheck=no
    leftrsasigkey=%dnsondemand
    rightrsasigkey=%dnsondemand
    #compress=yes
    
    # sample VPN connection
    conn Firebox1
    authby=secret
    left=202.X.X.10
    leftnexthop=202.X.X.1
    leftsubnet=192.168.0.0/24
    right=202.X.X.10
    rightnexthop=202.X.X.1
    rightsubnet=192.168.115.0/24
    keyexchange=ike
    pfs=yes
    auto=start
    
    conn Firebox2
    authby=secret
    left=202.X.X.10
    leftnexthop=202.X.X.1
    leftsubnet=10.0.0.0/8
    right=202.X.X.10
    rightnexthop=202.X.X.1
    rightsubnet=192.168.115.0/24
    keyexchange=ike
    pfs=yes
    auto=start
    
    conn Firebox3
    authby=secret
    left=202.X.X.10
    leftnexthop=202.X.X.1
    leftsubnet=192.168.1.0/24
    right=202.X.X.10
    rightnexthop=202.X.X.1
    rightsubnet=192.168.115.0/24
    keyexchange=ike
    pfs=yes
    auto=start
    knows someone howto solve this problem ?

  2. #2
    cc
    cc is offline
    Linux Newbie
    Join Date
    Jun 2004
    Posts
    120
    the problem is solved !

    I've done a Kernel upgrade to 2.6.8-2-686
    and changed in /etc/ipsec.conf from:

    interfaces=%defaultroute

    to:

    interfaces="ipsec0=eth0"

    now it seems to be OK now.

  3. #3
    cc
    cc is offline
    Linux Newbie
    Join Date
    Jun 2004
    Posts
    120
    but what I could only not understand
    Code:
    # ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path [OK]
    Linux FreeS/WAN U2.04/K(no kernel code presently loaded)
    Checking for KLIPS support in kernel [FAILED]
    Checking for RSA private key (/etc/ipsec.secrets) [OK]
    Checking that pluto is running [OK]
    Two or more interfaces found, checking IP forwarding [OK]
    Checking NAT and MASQUERADEing
    
    Opportunistic Encryption DNS checks:
    Looking for TXT in forward map: ext.domain.net [MISSING]
    Does the machine have at least one non-private address? [FAILED]
    is howto solve these FAILED or MISSING problems ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •