Hi I wanted to test HA (high availability) in StrongSwan. I applied patches available in
http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability , but when I try to make kernel, gives me this error: ERROR: "xfrm_replay_advance" [net/ipv4/netfilter/ipt_CLUSTERIP.ko] undefined! make[1]: *** [__modpost] Error 1 make: *** [modules] Error 2 so I did grep in source of kernel for "xfrm_replay_advance" and I found it in /net/xfrm/xfrm_state.c then I added EXPORT_SYMBOL(xfrm_replay_advance). It solved the problem. If I compile ipt_CLUSTERIP as a built-in in kernel, it does not give any errors too. After recompilation and inserting the modules related to netfilter in the kernel, I faced this: [root@SG linux]# iptables -L iptables v1.4.10: can't initialize iptables table `filter': Module is wrong version Perhaps iptables or your kernel needs to be upgraded. I understand that this might not related to strongswan, but I dare to ask. Should I compile iptables in userland again? Is there anybody who has this problem too? It seems that modules start successfully but I think iptables can not initialize and connect with them. Thanks, I really appreciate any comment or tips. here is the log of dmesg: [ 2.960589] Netfilter messages via NETLINK v0.30. [ 2.960600] nf_conntrack version 0.5.0 (16384 buckets, 65536 max) [ 2.960715] CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use [ 2.960717] nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or [ 2.960719] sysctl net.netfilter.nf_conntrack_acct=1 to enable it. [ 2.960731] ctnetlink v0.93: registering with nfnetlink. [ 2.960809] ip_tables: (C) 2000-2006 Netfilter Core Team [ 2.960837] ClusterIP Version 0.9 loaded successfully [ 2.960842] TCP cubic registered [ 2.960843] Initializing XFRM netlink socket [ 2.961123] NET: Registered protocol family 10 [ 2.961270] lo: Disabled Privacy Extensions [ 2.961299] ip6_tables: (C) 2000-2006 Netfilter Core Team [ 2.961323] IPv6 over IPv4 tunneling driver [ 2.961436] sit0: Disabled Privacy Extensions [ 2.961449] NET: Registered protocol family 17 [ 2.961470] Using IPI Shortcut mode [ 2.961603] registered taskstats version 1 [ 2.962627] Freeing unused kernel memory: 360k freed _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
