[strongSwan] problem in HA

Ali Masoudi masoudi1983 at gmail.com
Sat Nov 17 15:09:06 CET 2012 

Hi

I wanted to test HA (high availability) in StrongSwan. I applied
patches available in

http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability

, but when I try to make kernel, gives me this error:


ERROR: "xfrm_replay_advance" [net/ipv4/netfilter/ipt_CLUSTERIP.ko] undefined!
make[1]: *** [__modpost] Error 1
make: *** [modules] Error 2

so I did grep in source of kernel for "xfrm_replay_advance" and I
found it in /net/xfrm/xfrm_state.c then I added
EXPORT_SYMBOL(xfrm_replay_advance). It solved the problem. If I
compile ipt_CLUSTERIP as a built-in in kernel, it does not give any
errors too.

After recompilation and inserting the modules related to netfilter in
the kernel, I faced this:


[root at SG linux]# iptables -L
iptables v1.4.10: can't initialize iptables table `filter': Module is
wrong version
Perhaps iptables or your kernel needs to be upgraded.

I understand that this might not related to strongswan, but I dare to
ask. Should I compile iptables in userland again? Is there anybody who
has this problem too?

It seems that modules start successfully but I think iptables can not
initialize and connect with them.
Thanks, I really appreciate any comment or tips.

here is the log of dmesg:

[    2.960589] Netfilter messages via NETLINK v0.30.
[    2.960600] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[    2.960715] CONFIG_NF_CT_ACCT is deprecated and will be removed
soon. Please use
[    2.960717] nf_conntrack.acct=1 kernel parameter, acct=1
nf_conntrack module option or
[    2.960719] sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
[    2.960731] ctnetlink v0.93: registering with nfnetlink.
[    2.960809] ip_tables: (C) 2000-2006 Netfilter Core Team
[    2.960837] ClusterIP Version 0.9 loaded successfully
[    2.960842] TCP cubic registered
[    2.960843] Initializing XFRM netlink socket
[    2.961123] NET: Registered protocol family 10
[    2.961270] lo: Disabled Privacy Extensions
[    2.961299] ip6_tables: (C) 2000-2006 Netfilter Core Team
[    2.961323] IPv6 over IPv4 tunneling driver
[    2.961436] sit0: Disabled Privacy Extensions
[    2.961449] NET: Registered protocol family 17
[    2.961470] Using IPI Shortcut mode
[    2.961603] registered taskstats version 1
[    2.962627] Freeing unused kernel memory: 360k freed

More information about the Users mailing list