<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1597" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008>I went
ahead and tried installing openswan on RH9 to test it out and see if I can
connect to an FC6 machine running Openswan. It seemed to install fine but
I am getting an error when I start ipsec and try to
connect.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008><SPAN
class=875352716-22022008>service ipsec restart<BR>ipsec_setup: Stopping Openswan
IPsec...<BR>ipsec_setup: Starting Openswan IPsec
U2.4.4/K1.0.3...<BR>ipsec_setup: /usr/libexec/ipsec/eroute: pfkey write failed,
returning -1 with errno=22.<BR>ipsec_setup: Invalid argument, check kernel log
messages for specifics.</SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008><SPAN
class=875352716-22022008></SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008><SPAN
class=875352716-22022008>/var/log/messages gives me:</SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008><SPAN
class=875352716-22022008>&lt;snip&gt;</SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008><SPAN
class=875352716-22022008>Feb 22 11:45:47 rhtest dhcpd: receive_packet failed on
ipsec0: Network is down<BR>Feb 22 11:45:47 rhtest kernel: IPSEC EVENT: KLIPS
device ipsec0 shut down.<BR>Feb 22 11:45:47 rhtest ipsec_setup: ...Openswan
IPsec stopped<BR>Feb 22 11:45:47 rhtest ipsec_setup: Stopping Openswan
IPsec...<BR>Feb 22 11:45:48 rhtest ipsec_setup: KLIPS debug `none'<BR>Feb 22
11:45:48 rhtest ipsec_setup: KLIPS ipsec0 on eth0 10.248.100.20/255.255.255.0
broadcast 10.248.100.255 mtu 1410<BR>Feb 22 11:45:48 rhtest ipsec_setup:
...Openswan IPsec started<BR>Feb 22 11:45:48 rhtest ipsec_setup: Starting
Openswan IPsec U2.4.4/K1.0.3...<BR>Feb 22 11:45:48 rhtest ipsec_setup:
/usr/libexec/ipsec/eroute: pfkey write failed, returning -1 with
errno=22.<BR>Feb 22 11:45:48 rhtest ipsec_setup: Invalid argument, check kernel
log messages for specifics.<BR>Feb 22 11:45:48 rhtest ipsec__plutorun: 022
"ggh-rhtest": we cannot identify ourselves with either end of this
connection<BR>Feb 22 11:45:48 rhtest ipsec__plutorun: ...could not route conn
"ggh-rhtest"<BR>Feb 22 11:45:48 rhtest ipsec__plutorun: 022 "ggh-rhtest": We
cannot identify ourselves with either end of this connection.<BR>Feb 22 11:45:48
rhtest ipsec__plutorun: ...could not start conn
"ggh-rhtest"<BR></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008><SPAN
class=875352716-22022008>I am not sure what the 022 error means. I tried
looking at pfkey but it's a binary file. Any
ideas?</SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008><SPAN
class=875352716-22022008> </DIV></SPAN></SPAN></FONT>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008><SPAN
class=875352716-22022008>SETUP:</DIV>
<DIV></SPAN></SPAN></FONT><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>RH9 called rhtest</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>uname:
2.4.20-30.9.openswan_1.0.3_1 #1</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008>ipsec
version: Linux Openswan U2.4.4/K1.0.3
(klips)</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>ipsec.conf:</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>&lt;snip&gt;</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>
interfaces="ipsec0=eth0"<BR> #
klipsdebug=all<BR>
plutodebug=all<BR>
overridemtu=1410<BR>
nat_traversal=yes<BR>&lt;snip&gt;</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008>conn
ggh-rhtest<BR>
</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008></SPAN></FONT><FONT face=Arial color=#0000ff
size=2><SPAN
class=875352716-22022008>
left=WAN IP of FC6 VPN
server<BR>
leftsubnet=10.241.0.0/16<BR>
leftnexthop=WAN IP of Gateway for FC6 VPN
Server<BR> </SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>
right=WAN IP of RH9 VPN
server<BR>
rightsubnet=10.248.0.0/16<BR>
rightnexthop=WAN IP of Gateway for RH9 VPN
Server<BR> </SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008> keyingtries=0<BR>
authby=secret<BR>
type=tunnel<BR>
auto=start<BR>
#forceencaps=yes<BR></SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>ifconfig:</DIV></SPAN></FONT>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008>eth0
is the LAN NIC with an address of 10.248.100.20</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008>eth1
is the WAN NIC</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>iptables:</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>&lt;snip&gt;</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>*nat<BR>:PREROUTING ACCEPT [0:0]<BR>:POSTROUTING ACCEPT
[0:0]<BR>:OUTPUT ACCEPT [0:0]<BR>-A POSTROUTING -d ! 10.0.0.0/255.0.0.0 -o eth0
-j MASQUERADE</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>&lt;snip&gt;<BR>-A RH-Lokkit-0-50-INPUT -p tcp -m tcp
--dport 500 --syn -j ACCEPT</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008></SPAN></FONT><FONT face=Arial color=#0000ff
size=2><SPAN class=875352716-22022008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008>ipsec
verify:</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>Checking your system to see if IPsec got installed and
started correctly:<BR>Version check and ipsec
on-path
[OK]<BR>Linux Openswan U2.4.4/K1.0.3 (klips)<BR>Checking for IPsec support in
kernel
[OK]<BR>Checking for RSA private key
(/etc/ipsec.secrets)
[OK]<BR>Checking that pluto is
running
[OK]<BR>Two or more interfaces found, checking IP
forwarding
[OK]<BR>Checking NAT and MASQUERADEing<BR>Checking for 'ip'
command
[OK]<BR>Checking for 'iptables'
command
[OK]<BR>Opportunistic Encryption
Support
[DISABLED]<BR></SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008>ipsec
auto --status:</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008>&lt;snip&gt;</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=875352716-22022008>000
"ggh-rhtest":
10.241.0.0/16===X.X.X.X---X.X.X.X...X.X.X.X---X.X.X.X===10.248.0.0/16; unrouted;
eroute owner: #0<BR>000 "ggh-rhtest": srcip=unset;
dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;<BR>000
"ggh-rhtest": ike_life: 3600s; ipsec_life: 28800s; rekey_margin:
540s; rekey_fuzz: 100%; keyingtries: 0<BR>000 "ggh-rhtest": policy:
PSK+ENCRYPT+TUNNEL+PFS; prio: 16,16; interface: ;<BR>000
"ggh-rhtest": newest ISAKMP SA: #0; newest IPsec SA:
#0;<BR>000<BR>000<BR></SPAN></FONT><FONT face=Arial color=#0000ff size=2><SPAN
class=875352716-22022008></DIV></SPAN></FONT>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Regards,</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>Arjun
Datta</FONT></DIV></BODY></HTML>