could not stop ipsec anymore

[cc]

hi

I could not stop ipsec on debian sarge stable:

if I start with:

Code:

# /etc/init.d/ipsec start
ipsec_setup: Starting FreeS/WAN IPsec 2.04...
ipsec_setup: insmod: ipsec: no module by that name found
ipsec_setup: /sbin/insmod /lib/modules/2.4.27-2-386/kernel/net/key/af_key.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/key/af_key.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/ipv4/ah4.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/ipv4/ah4.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/ipv4/esp4.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/ipv4/esp4.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/ipv4/ipcomp.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/ipv4/ipcomp.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/xfrm/xfrm_user.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/xfrm/xfrm_user.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: WARNING: setkey not found.

could not stop anymore:

Code:

# /etc/init.d/ipsec stop
ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: Attempt to shut Pluto down failed! Trying kill:
ipsec_setup: /usr/lib/ipsec/_realsetup: line 1: kill: (2192) - Kein passender Prozess gefunden

ipsec is still running !
even if I try to kill the process, it starts again


my config file:

Code:

# cat /etc/ipsec.conf

# basic configuration
config setup
interfaces=%defaultroute
#interfaces="ipsec0=eth0"
klipsdebug=none
plutodebug=none
#plutoload=%search
#plutostart=%search

uniqueids=yes
forwardcontrol=yes
#Enable NAT-Traversal
#nat_traversal=yes


# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
keyingtries=0
disablearrivalcheck=no
leftrsasigkey=%dnsondemand
rightrsasigkey=%dnsondemand
#compress=yes

# sample VPN connection
conn Firebox1
authby=secret
left=202.X.X.10
leftnexthop=202.X.X.1
leftsubnet=192.168.0.0/24
right=202.X.X.10
rightnexthop=202.X.X.1
rightsubnet=192.168.115.0/24
keyexchange=ike
pfs=yes
auto=start

conn Firebox2
authby=secret
left=202.X.X.10
leftnexthop=202.X.X.1
leftsubnet=10.0.0.0/8
right=202.X.X.10
rightnexthop=202.X.X.1
rightsubnet=192.168.115.0/24
keyexchange=ike
pfs=yes
auto=start

conn Firebox3
authby=secret
left=202.X.X.10
leftnexthop=202.X.X.1
leftsubnet=192.168.1.0/24
right=202.X.X.10
rightnexthop=202.X.X.1
rightsubnet=192.168.115.0/24
keyexchange=ike
pfs=yes
auto=start

knows someone howto solve this problem ?

[cc]

the problem is solved !

I've done a Kernel upgrade to 2.6.8-2-686
and changed in /etc/ipsec.conf from:

interfaces=%defaultroute

to:

interfaces="ipsec0=eth0"

now it seems to be OK now.

[cc]

but what I could only not understand

Code:

# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux FreeS/WAN U2.04/K(no kernel code presently loaded)
Checking for KLIPS support in kernel [FAILED]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing

Opportunistic Encryption DNS checks:
Looking for TXT in forward map: ext.domain.net [MISSING]
Does the machine have at least one non-private address? [FAILED]

is howto solve these FAILED or MISSING problems ?