[Swan] FAILURE in loading XFRM IPsec stack on 3.28
Computerisms Corporation
bob at computerisms.ca
Tue May 28 06:31:30 UTC 2019
Thanks Paul,
the patch didn't apply cleanly on barf.in, but I got it in there
manually. Compiles without error and pluto is running.
you are awesome!! thank you!!
On 2019-05-27 9:29 p.m., Paul Wouters wrote:
> On Mon, 27 May 2019, Computerisms Corporation wrote:
>
>> Thanks for responding, much appreciated.
>>> It is part of the kernel, and is created by enabling
>>> CONFIG_XFRM_STATISTICS.
>>
>> Acknowledged and understood.
>>
>>> Does your system have /proc/sys/net/core/xfrm_acq_expires ? Maybe we
>>> need to switch to that to test whether XFRM support is available.
>>
>> Apparently so:
>>
>> ls -al /proc/sys/net/core/xfrm_acq_expires
>> -rw-r--r-- 1 root root 0 May 27 17:24 /proc/sys/net/core/xfrm_acq_expires
>>
>>>> So, did I find a real problem, or am I just in need of someone to
>>>> point
>>>> out a glaringly obvious error on my part?
>>>
>>> It's not you, it's us :)
>>
>> Phew, not that I am happy to pass my troubles to others or anything ;)
>
> I've created a patch:
>
> https://github.com/libreswan/libreswan/commit/716f4b712724c6698469563e531dea3667507ceb
>
>
> (if you want a text based patch for use with "patch", append ".patch" to
> the above URL
>
> It should fix the XFRM detection for you.
>
>> Okay, so custom kernels are within my skill set, but I don't really
>> want to be creating a new custom kernel for every firewall I have
>> under my thumb. Pretty sure one of the happiest days in my computing
>> career was finding linux-image in the apt repos. Is there an
>> immediate workaround short of installing an older version? can I
>> change the _stackmanager.in file to look for this
>> /proc/sys/net/core/xfrm_acq_expires file instead? or will that just
>> move me to the next problem?
>
> That's only part of the problem. pluto itself also checks. So best to
> just apply the above patch :)
>
> Paul
More information about the Swan
mailing list