It appears that since the GCC update to 3.3.2, freeswan 1.99 is not building all the tools it normally builds. Specifically eroute isn't being built but I am not sure what other tools may be missing from /usr/lib/ipsec as eroute is stopping the VPN from coming up. Reproducible: Always Steps to Reproduce: 1.emerge freeswan 2. 3. Actual Results: gcc -I.. -I../klips/net/ipsec -I../lib -DPLUTO -DKLIPS -DDEBUG -DGCC_LINT -DSHARED_SECRETS_FILE=\"/etc/ipsec/ipsec.secrets\" -g -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wmissing-declarations -Wwrite-strings -Wstrict-prototypes -march=i686 -O3 -pipe -c spdb.c In file included from spdb.c:35: log.h:125: warning: conflicting types for built-in function `log' spdb.c: In function `parse_isakmp_sa_body': spdb.c:782: warning: `life_type' might be used uninitialized in this function spdb.c: In function `parse_ipsec_sa_body': spdb.c:1527: warning: `ah_spi' might be used uninitialized in this function spdb.c:1527: warning: `esp_spi' might be used uninitialized in this function spdb.c:1527: warning: `ipcomp_cpi' might be used uninitialized in this function spdb.c: In function `parse_ipsec_transform': spdb.c:1192: warning: `life_type' might be used uninitialized in this function gcc -I.. -I../klips/net/ipsec -I../lib -DPLUTO -DKLIPS -DDEBUG -DGCC_LINT -DSHARED_SECRETS_FILE=\"/etc/ipsec/ipsec.secrets\" -g -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wmissing-declarations -Wwrite-strings -Wstrict-prototypes -march=i686 -O3 -pipe -c sha1.c gcc -I.. -I../klips/net/ipsec -I../lib -DPLUTO -DKLIPS -DDEBUG -DGCC_LINT -DSHARED_SECRETS_FILE=\"/etc/ipsec/ipsec.secrets\" -g -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wmissing-declarations -Wwrite-strings -Wstrict-prototypes -march=i686 -O3 -pipe -c md5.c gcc -I.. -I../klips/net/ipsec -I../lib -DPLUTO -DKLIPS -DDEBUG -DGCC_LINT -DSHARED_SECRETS_FILE=\"/etc/ipsec/ipsec.secrets\" -g -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wmissing-declarations -Wwrite-strings -Wstrict-prototypes -march=i686 -O3 -pipe -c md2.c md2.c:68: warning: cast discards qualifiers from pointer target type md2.c:69: warning: cast discards qualifiers from pointer target type md2.c:70: warning: cast discards qualifiers from pointer target type md2.c:71: warning: cast discards qualifiers from pointer target type md2.c:72: warning: cast discards qualifiers from pointer target type md2.c:73: warning: cast discards qualifiers from pointer target type md2.c:74: warning: cast discards qualifiers from pointer target type md2.c:75: warning: cast discards qualifiers from pointer target type md2.c:76: warning: cast discards qualifiers from pointer target type md2.c:77: warning: cast discards qualifiers from pointer target type md2.c:78: warning: cast discards qualifiers from pointer target type md2.c:79: warning: cast discards qualifiers from pointer target type md2.c:80: warning: cast discards qualifiers from pointer target type md2.c:82: warning: cast discards qualifiers from pointer target type md2.c:84: warning: cast discards qualifiers from pointer target type md2.c:86: warning: cast discards qualifiers from pointer target type md2.c:89: warning: cast discards qualifiers from pointer target type gcc -o pluto asn1.o oid.o connections.o constants.o cookie.o crypto.o defs.o log.o state.o main.o server.o timer.o pem.o pkcs.o x509.o id.o ipsec_doi.o kernel.o kernel_comm.o demux.o packet.o preshared.o dnskey.o rnd.o spdb.o sha1.o md5.o md2.o ../lib/libdes.a ../lib/libfreeswan.a -lgmp -lresolv gcc -I.. -I../klips/net/ipsec -I../lib -DPLUTO -DKLIPS -DDEBUG -DGCC_LINT -DSHARED_SECRETS_FILE=\"/etc/ipsec/ipsec.secrets\" -g -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wmissing-declarations -Wwrite-strings -Wstrict-prototypes -march=i686 -O3 -pipe -c adns.c gcc -o _pluto_adns adns.o ../lib/libfreeswan.a -lresolv gcc -I.. -I../klips/net/ipsec -I../lib -DPLUTO -DKLIPS -DDEBUG -DGCC_LINT -DSHARED_SECRETS_FILE=\"/etc/ipsec/ipsec.secrets\" -g -Wall -W -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wmissing-declarations -Wwrite-strings -Wstrict-prototypes -march=i686 -O3 -pipe -c whack.c whack.c: In function `main': whack.c:594: warning: `cd_seen_before_to' might be used uninitialized in this function whack.c:620: warning: `opt_whole' might be used uninitialized in this function gcc -o whack whack.o ../lib/libfreeswan.a make[1]: Leaving directory `/var/tmp/portage/freeswan-1.99/work/freeswan-1.99/pluto' make[1]: Entering directory `/var/tmp/portage/freeswan-1.99/work/freeswan-1.99/klips' make[2]: Entering directory `/var/tmp/portage/freeswan-1.99/work/freeswan-1.99/klips/utils' gcc -march=i686 -O3 -pipe -I../net/ipsec -I../../lib -march=i686 -O3 -pipe -Wall -Wpointer-arith -Wcast-qual -Wstrict-prototypes -Wbad-function-cast -c -o spi.o spi.c spi.c:85:35: missing terminating " character spi.c:107:1: missing terminating " character spi.c:110: error: syntax error before "static" spi.c:115: error: syntax error before '-' token spi.c:115: warning: type defaults to `int' in declaration of `exit' spi.c:115: warning: function declaration isn't a prototype spi.c:115: error: conflicting types for `exit' /usr/include/stdlib.h:612: error: previous declaration of `exit' spi.c:115: warning: data definition has no type or storage class spi.c: In function `parse_life_options': spi.c:299: warning: implicit declaration of function `usage' spi.c: In function `main': spi.c:1352: warning: deprecated use of label at end of compound statement spi.c:1373: warning: deprecated use of label at end of compound statement spi.c: At top level: spi.c:85: warning: `usage_string' defined but not used make[2]: *** [spi.o] Error 1 make[2]: Leaving directory `/var/tmp/portage/freeswan-1.99/work/freeswan-1.99/klips/utils' make[1]: *** [programs] Error 1 make[1]: Leaving directory `/var/tmp/portage/freeswan-1.99/work/freeswan-1.99/klips' make[1]: Entering directory `/var/tmp/portage/freeswan-1.99/work/freeswan-1.99/utils' cat ipsec.in | sed -e "s/xxx/1.99/" \ -e "s:@IPSEC_DIR@:/usr/lib/ipsec:" \ -e "s:@IPSEC_EXECDIR@::" \ -e "s:@IPSEC_SBINDIR@::" \ -e "s:@IPSEC_LIBDIR@::" \ -e "s:@FINALCONFDIR@:/etc/ipsec:" \ -e "s:@RSAKEYBITS@:2192:" \ -e "s:@MODULE_GOO_LIST@:irq_stat netif_rx register_sysctl_table send_sig kmalloc __kfree_skb __ip_select_ident alloc_skb icmp_send ip_fragment sock_register :" \ -e "s:@IPSEC_CONFS@:/etc/ipsec:" \ | cat >ipsec chmod +x ipsec I have pasted in the section of the emerge that appears to have failed. Below is my emerge info: Portage 2.0.50 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.4.20-gentoo-r5) ================================================================= System uname: 2.4.20-gentoo-r5 i686 Celeron (Coppermine) Gentoo Base System version 1.4.3.13 distcc 2.11.1 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] Autoconf: sys-devel/autoconf-2.58 Automake: sys-devel/automake-1.7.7 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=i686 -O3 -pipe" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-O2 -mcpu=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs buildpkg ccache distcc sandbox" GENTOO_MIRRORS="http://gentoo.mirrors.pair.com/ http://mirrors.tds.net/gentoo http://128.213.5.34/gentoo/ http://www.gtlib.cc.gatech.edu/pub/gentoo http://open-systems.ufl.edu/mirrors/gentoo" MAKEOPTS="-j8" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X aalib acpi apache2 apm berkdb cdr crypt cups dga encode evms2 foomaticdb gd gdbm gif gpm gtk imlib java jpeg ldap libg++ libwww mad mikmod motif mozilla mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python qt quicktime readline scanner sdl slang spell ssl svga tcltk tcpd tetex truetype x86 xml2 xmms xv zlib"
I saw 2 problems when I tried to emerge freeswan. The first is a missing backslash on line 106 in klips/utils/spi.c. The second was caused by a missing pcap.h header. I think there needs to be a dependency added for libpcap. After emerging net-libs/libpcap and patching spi.c, freeswan built and installed eroute and the other tools.
I'm having a problem I think is related to this bug, freeswan appears to successfully compile but is missing four mission critical tools: eroute, klipsdebug, spi, tncfg Theses tools are supposed to be installed in /usr/ipsec/lib I was able to copy these four files from a different box's freeswan installation over to my box as a successful, hopefully temporary workaround.
this could also be an occasion of the stdarg.h versus vararg.h issue with newer gcc versions, just my thoughts, Alex
freeswan is no longer in the tree. all users are migrated to openswan/strongswan. There are kernel patches in gentoo-sources-2.4.26-r4 that match to openswan-2.1.4. Or just use a recent 2.6 kernel. Closing.
