[Swan] V3.5 and Kernel 3.9 modprobe ipsec failed
Sven Schiwek
sven.schiwek at svenux.de
Sun Jul 21 10:19:45 EEST 2013
I made some testing with Debian stable kernel (3.2) and testing kernel (3.9). Both have set CONFIG_NET_NS but only with kernel 3.2 Libreswan klips is loading fine.
I also tested Openswan 2.6.39 and ipsec is loading fine with the new 3.9 kernel but Openswan has some other problems with NAT …
However for me it looks like something changed in Libreswan V3.5 with the result that is's not compatible with Debian testing anymore.
Any help is greatly appreciated.
Sven
On Jul 15, 2013, at 3:53 PM, Lennart Sorensen <lsorense at csclub.uwaterloo.ca> wrote:
> On Sun, Jul 14, 2013 at 10:24:58PM +0200, Sven Schiwek wrote:
>> I installed Libreswan 3.5 on a Debian testing (jessie) environment and run into this problem:
>>
>> [15:11] root pm-kvm01.test[17]:/home/sysop# modprobe ipsec
>> [18705.100565] Protocol 50 is not namespace aware, cannot register.
>> [18705.102096] KLIPS: can not register ESP protocol - recompile with CONFIG_INET_ESP disabled or as module
>> ERROR: could not insert 'ipsec': Invalid argument
>>
>> [15:12] root pm-kvm01.test[20]:/home/sysop# uname -a
>> Linux pm-kvm01 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux
>
> Based on the error, I would guess that klips' ESP module isn't compatible
> with CONFIG_NET_NS. Debian has that on in their kernels, given is is
> very useful for things like lxc and other neat things.
>
> Just a guess though. I haven't bothered with klips for years.
>
> --
> Len Sorensen
More information about the Swan
mailing list