Koozali.org: home of the SME Server

Help with 5.6 ipsec Problem after upgrade from 5.1

Jon

Help with 5.6 ipsec Problem after upgrade from 5.1
« on: January 30, 2003, 06:23:43 AM »
I recently upgraded my 5.1 VPN box with freeswan to 5.6

The upgrade appeared to work fine. When I tailed the secure log to make sure ipsec was working correctly, I started to see these messages:

"/etc/ipsec.secrets" line 24: Modulus keyword not found where expected in RSA key

Well, I looked at the file and that line and noticed I no longer have an RSA key.

I went to the server-manager panel and looked in the ipsec section for my key, and nothing showed up.

Would I have to regenerate another key???

TIA

Lloyd Keen

Re: Help with 5.6 ipsec Problem after upgrade from 5.1
« Reply #1 on: January 30, 2003, 11:44:58 AM »
Try this:
To fix the problem with no key being displayed:
edit /etc/e-smith/templates/etc/ipsec.secrets/10RSAKey
look for
@args = ("/usr/lib/ipsec/ipsec", "rsasigkey", "2048");
$result .= `/usr/lib/ipsec/ipsec rsasigkey 2048`;
and change them to read
@args = ("/usr/local/lib/ipsec/ipsec", "rsasigkey", "2048");
$result .= `/usr/local/lib/ipsec/ipsec rsasigkey 2048`;

then run /sbin/e-smith/signal-event ipsec-install

Jon

Re: Help with 5.6 ipsec Problem after upgrade from 5.1
« Reply #2 on: January 30, 2003, 06:01:46 PM »
Ok I tried that and I got my new key.

After giving the new key to the other VPN servers and restarting ipsec, I get this message:

Jan 30 09:01:38 vpn ipsec_setup: WARNING: eth1 has route filtering turned on, KLIPS may not work
Jan 30 09:01:38 vpn e-smith-bg: ipsec_setup: WARNING: eth1 has route filtering turned on, KLIPS may not work
Jan 30 09:01:38 vpn ipsec_setup:  (/proc/sys/net/ipv4/conf/eth1/rp_filter = `1', should be 0)

Any help would be appreciated.


Thanks

Peter Schubert

Re: Help with 5.6 ipsec Problem after upgrade from 5.1
« Reply #3 on: February 04, 2003, 03:13:37 PM »
Hi,

just do an:
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter

That's all.

Jon wrote:
>
> Ok I tried that and I got my new key.
>
> After giving the new key to the other VPN servers and
> restarting ipsec, I get this message:
>
> Jan 30 09:01:38 vpn ipsec_setup: WARNING: eth1 has route
> filtering turned on, KLIPS may not work
> Jan 30 09:01:38 vpn e-smith-bg: ipsec_setup: WARNING: eth1
> has route filtering turned on, KLIPS may not work
> Jan 30 09:01:38 vpn ipsec_setup:
> (/proc/sys/net/ipv4/conf/eth1/rp_filter = `1', should be 0)
>
> Any help would be appreciated.
>
>
> Thanks
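
The check behind the ipsec_setup warning above, as an added example that is not part of any post in this thread: it lists every interface whose rp_filter is not 0 and clears one interface with a read-back. The function names and the sample directory tree are constructed for illustration; on a live box the root would be /proc/sys/net/ipv4/conf.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not from FreeS/WAN or SME Server).

# Print "iface=value" for every interface under ROOT whose rp_filter is not 0.
rp_filter_on() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for f in "$root"/*/rp_filter; do
        [ -r "$f" ] || continue            # unmatched glob or unreadable entry
        val=$(cat "$f")
        iface=$(basename "$(dirname "$f")")
        [ "$val" = "0" ] || echo "$iface=$val"
    done
}

# Write 0 to one interface's rp_filter and confirm the value stuck.
rp_filter_clear() {
    root=$1
    iface=$2
    f="$root/$iface/rp_filter"
    [ -w "$f" ] || { echo "cannot write $f" >&2; return 1; }
    echo 0 > "$f"
    [ "$(cat "$f")" = "0" ]
}

# Build a constructed stand-in for /proc/sys/net/ipv4/conf so the example
# runs without root: every interface at 0 except eth1, as in the log lines.
make_sample_tree() {
    tmp=$(mktemp -d) || return 1
    for i in all default lo eth0 eth1; do
        mkdir "$tmp/$i" && echo 0 > "$tmp/$i/rp_filter"
    done
    echo 1 > "$tmp/eth1/rp_filter"
    echo "$tmp"
}

# Demo on the constructed tree.
sample=$(make_sample_tree)
echo "before: $(rp_filter_on "$sample")"
rp_filter_clear "$sample" eth1
echo "after:  $(rp_filter_on "$sample")"
rm -rf "$sample"
```

A value written under /proc lasts only until the next reboot, so the check is worth rerunning after a restart. rp_filter is the kernel's reverse-path source check, so clearing it on eth1 also removes that anti-spoofing filter on that interface.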