[Openswan Users] Mac OS 10.3.8 connection kills Pluto

Alan Whinery whinery at hawaii.edu
Wed Mar 16 07:57:02 CET 2005


I have a working setup, actually several of them, all of which work
with the built-in Windows client. I set up a test machine for PSK
operation, and although it works OK with Windows, it gags every time
with the Mac client. I have tried this with kernel 2.6.11.2 IPSec and
with 2.6 KLIPS. Sometimes it gets as far as "SA Established", but
right around then, it's all over.

I'll take any suggestions, but I suspect from recent reports, it's a
wait for 2.4...


The crash looks like some version of:
(...)
Mar 15 20:25:36 nibbler pluto[3372]: "L2TP-PSK-Panther" #2: "L2TP-PSK-Panther": 128.171.6.143:17/1701...128.171.6.68:17/49571; unrouted; eroute owner: #0
Mar 15 20:25:36 nibbler pluto[3372]: "L2TP-PSK-Panther" #2: "L2TP-PSK-Panther":     srcip=unset; dstip=unset
Mar 15 20:25:36 nibbler pluto[3372]: "L2TP-PSK-Panther" #2: "L2TP-PSK-Panther":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
Mar 15 20:25:36 nibbler pluto[3372]: "L2TP-PSK-Panther" #2: "L2TP-PSK-Panther":   policy: PSK+ENCRYPT+TUNNEL; prio: 32,32; interface: eth0;
Mar 15 20:25:36 nibbler pluto[3372]: "L2TP-PSK-Panther" #2: "L2TP-PSK-Panther":   newest ISAKMP SA: #1; newest IPsec SA: #0;
Mar 15 20:25:36 nibbler pluto[3372]: "L2TP-PSK-Panther" #2: "L2TP-PSK-Panther":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
Mar 15 20:25:36 nibbler pluto[3372]: "L2TP-PSK-Panther" #2:
*Mar 15 20:25:46 nibbler ipsec__plutorun: Restarting Pluto subsystem...*
Mar 15 20:25:46 nibbler pluto[3588]: Starting Pluto (Openswan Version 2.3.1dr3 X.509-1.5.4 PLUTO_USES_KEYRR)
Mar 15 20:25:46 nibbler pluto[3588]: Setting port floating to off
Mar 15 20:25:46 nibbler pluto[3588]: port floating activate 0/1
Mar 15 20:25:46 nibbler pluto[3588]:   including NAT-Traversal patch (Version 0.6c) [disabled]
(...)
=======================================

And it doesn't look much different with all of the debugging turned on.

Config is:
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $

version 2.0     # conforms to second version of ipsec.conf specification
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

# basic configuration
conn L2TP-PSK-Panther
        #
        # Use a Preshared Key. Disable Perfect Forward Secrecy.
        #
        auto=add
        authby=secret
        pfs=no
        #
        left=192.168.4.143
        #
        # Required for original (non-updated) Windows 2000/XP clients.
        leftprotoport=17/1701
        #
        # The remote user.
        #
        right=192.168.4.68
        rightprotoport=17/%any
        #
        # Authorize this connection, and wait for connection from user.
        #
        keyingtries=3

conn L2TP-PSK-orgWIN2KXP
        #
        # Use a Preshared Key. Disable Perfect Forward Secrecy.
        #
        auto=add
        authby=secret
        pfs=no
        #
        left=192.168.4.143
        #
        # Required for original (non-updated) Windows 2000/XP clients.
        leftprotoport=17/1701
        #
        # The remote user.
        #
        right=192.168.4.81
        rightprotoport=17/1701
        keyingtries=3


