[Swan] ipsec issue
Paul Wouters
paul at nohats.ca
Fri Jan 17 04:03:35 EET 2014
On Thu, 16 Jan 2014, Gopi Boga wrote:
> i am trying to stop ipsec service it is giving some errors.
> can you please some help me resolving this issue.thanks in advance.
>
>
> [flx4008]-> service ipsec restart
> ipsec_setup: Stopping Openswan IPsec...
> ipsec_setup: ERROR: Module xfrm6_mode_tunnel is in use
> ipsec_setup: ERROR: Module xfrm4_mode_tunnel is in use
> ipsec_setup: ERROR: Module esp4 is in use
These are an unfortunate side-effect of the NETKEY/XFRM IPsec stack.
You can suppress these warnings using:
echo 0 > /proc/sys/net/core/xfrm_larval_drop
But that has other delaying consequences, see:
https://lists.libreswan.org/pipermail/swan/2013/000599.html
> ipsec_setup: Starting Openswan IPsec U2.6.38dr2/K2.6.32-358.6.2.el6.x86_64...
> ipsec_setup: multiple ip addresses, using 10.0.34.1 on eth0
> ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
libreswan no longer gives these non-fips messages.
Paul
More information about the Swan
mailing list