Hi all,<br><br>I use openswan 2.4.4 on Debian linux with kernel 2.6.13<br>but when I use ipsec verify command <br>I got these messages.<br><br><span class="q" id="q_10cf8a73ff83f323_6"> # ipsec verify<br> Checking your system to see if IPsec got installed and started correctly:
<br> Version check and ipsec on-path [OK]<br> Linux Openswan U2.4.4/K2.6.13(netkey)<br> Checking for IPsec support in kernel [OK]<br> Checking for RSA private key (/etc/ipsec.secrets) [OK]
<br>Checking that pluto is running<br> [FAILED]<br>whack: is Pluto running? connect() for "/var/run/pluto/pluto.ctl"<br>failed (146 Connection refused)<br> Checking for 'ip' command<br>[FAILED]<br>Checking for 'iptables' command [OK]
<br>Checking for 'setkey' command for NETKEY IPsec stack support<br>[FAILED]<br>Opportunistic Encryption Support<br>[DISABLED]</span><br><br>I check /var/log/auth.log ,find these logs<br>(It's a quite long message)<br>
<br>Aug 13 17:48:01 localhost ipsec__plutorun: Starting Pluto subsystem...<br>Aug 13 17:48:03 localhost pluto[918]: Starting Pluto (Openswan Version 2.4.4 X.509-1.5.4 PL<br>UTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEz}FFFfgr_e)
<br>Aug 13 17:48:04 localhost pluto[918]: Setting NAT-Traversal port-4500 floating to off<br>Aug 13 17:48:04 localhost pluto[918]: port floating activation criteria nat_t=0/port_fload=1<br>Aug 13 17:48:04 localhost pluto[918]: including NAT-Traversal patch (Version
0.6c) [disabled]<br>¡ô<br>In Fedora Core 4, got same log message ,I think that isn't a problem<br><br>Aug 13 17:48:05 localhost pluto[918]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<br>Aug 13 17:48:05 localhost pluto[918]: starting up 1 cryptographic helpers
<br>Aug 13 17:48:05 localhost pluto[918]: started helper pid=923 (fd:6)<br>Aug 13 17:48:05 localhost pluto[918]: Using Linux 2.6 IPsec interface code on <a href="http://2.6.13.5" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "2.6.13.5" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious:
2.6.13.5</a><br>Aug 13 17:48:05 localhost pluto[918]: ASSERTION FAILED at kernel_alg.c:264: buflen>0
<br>Aug 13 17:48:05 localhost pluto[918]: %myid = (none)<br>Aug 13 17:48:05 localhost pluto[918]: debug none<br> ¡ô<br>I guess problem in here,but I don't know how to slove this problem
<br><br>Aug 13 17:48:05 localhost pluto[918]:<br>Aug 13 17:48:06 localhost pluto[918]:<br>Aug 13 17:48:06 localhost pluto[918]: algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192<br>Aug 13 17:48:06 localhost pluto[918]: algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
<br>Aug 13 17:48:07 localhost pluto[918]: algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16<br>Aug 13 17:48:07 localhost pluto[918]: algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20<br>Aug 13 17:48:07 localhost pluto[918]: algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
<br>Aug 13 17:48:07 localhost pluto[918]: algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536<br>Aug 13 17:48:07 localhost pluto[918]: algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048<br>
Aug 13 17:48:07 localhost pluto[918]: algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072<br>Aug 13 17:48:07 localhost pluto[918]: algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096<br>
Aug 13 17:48:07 localhost pluto[918]: algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
<br>Aug 13 17:48:07 localhost pluto[918]: algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192<br>Aug 13 17:48:08 localhost pluto[918]:<br>Aug 13 17:48:08 localhost pluto[918]: stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context
<br>={0,0,0} trans={0,0,0} attrs={0,0,0}<br>Aug 13 17:48:08 localhost pluto[918]:<br>Aug 13 17:48:08 localhost last message repeated 2 times<br>Aug 13 17:48:22 localhost ipsec__plutorun: Restarting Pluto subsystem...<br>
<br>so Pluto can't start successfully<br clear="all">
<br><br>Thanks for ur help<br>-- <br> Shinping Chen