could not stop ipsec on debian sarge

cccc · 03-01-2006, 07:25 AM

hi

I could not stop ipsec on debian sarge stable:

if I start with:

Code:

# /etc/init.d/ipsec start
ipsec_setup: Starting FreeS/WAN IPsec 2.04...
ipsec_setup: insmod: ipsec: no module by that name found
ipsec_setup: /sbin/insmod /lib/modules/2.4.27-2-386/kernel/net/key/af_key.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/key/af_key.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/ipv4/ah4.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/ipv4/ah4.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/ipv4/esp4.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/ipv4/esp4.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/ipv4/ipcomp.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/ipv4/ipcomp.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: /sbin/insmod -q /lib/modules/2.4.27-2-386/kernel/net/xfrm/xfrm_user.o
ipsec_setup: Using /lib/modules/2.4.27-2-386/kernel/net/xfrm/xfrm_user.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: WARNING: setkey not found.

could not stop anymore:

Code:

 
# /etc/init.d/ipsec stop
ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: Attempt to shut Pluto down failed!  Trying kill:
ipsec_setup: /usr/lib/ipsec/_realsetup: line 1: kill: (2192) - Kein passender Prozess gefunden

ipsec is still running !

knows someone howto solve this problem ?

aspinnler · 03-01-2006, 07:43 AM

Could you not kill the process?

kill <pid>
->see man kill for more information

cccc · 03-01-2006, 07:47 AM

if I try to kill the process, it starts again

cccc · 03-01-2006, 08:40 AM

my config file:

Code:

# cat /etc/ipsec.conf

# basic configuration
config setup
    interfaces=%defaultroute
    #interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    #plutoload=%search
    #plutostart=%search

    uniqueids=yes
    forwardcontrol=yes
    #Enable NAT-Traversal
    #nat_traversal=yes


# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
    keyingtries=0
    disablearrivalcheck=no
    leftrsasigkey=%dnsondemand
    rightrsasigkey=%dnsondemand
    #compress=yes

# sample VPN connection
conn Firebox1
    authby=secret
    left=202.X.X.10
    leftnexthop=202.X.X.1
    leftsubnet=192.168.0.0/24
    right=202.X.X.10
    rightnexthop=202.X.X.1
    rightsubnet=192.168.115.0/24
    keyexchange=ike
    pfs=yes
    auto=start

conn Firebox2
    authby=secret
    left=202.X.X.10
    leftnexthop=202.X.X.1
    leftsubnet=10.0.0.0/8
    right=202.X.X.10
    rightnexthop=202.X.X.1
    rightsubnet=192.168.115.0/24
    keyexchange=ike
    pfs=yes
    auto=start

conn Firebox3
    authby=secret
    left=202.X.X.10
    leftnexthop=202.X.X.1
    leftsubnet=192.168.1.0/24
    right=202.X.X.10
    rightnexthop=202.X.X.1
    rightsubnet=192.168.115.0/24
    keyexchange=ike
    pfs=yes
    auto=start

knows someone what's could be wrong ?

cccc · 03-01-2006, 06:51 PM

the problem is solved !

I've done a Kernel upgrade to 2.6.8-2-686
and changed in /etc/ipsec.conf from:

interfaces=%defaultroute

to:

interfaces="ipsec0=eth0"

now it seems to be OK now.

cccc · 03-01-2006, 07:10 PM

but what I could only not understand:

Code:

# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux FreeS/WAN U2.04/K(no kernel code presently loaded)
Checking for KLIPS support in kernel [FAILED]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing

Opportunistic Encryption DNS checks:
Looking for TXT in forward map: ext.domain.net [MISSING]
Does the machine have at least one non-private address? [FAILED]

is howto solve these FAILED or MISSING problems ?