<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Paul,<br>
<br>
Please see below.<br>
<br>
Thanks,<br>
<br>
Nick<br>
<br>
On 26/07/2009 17:48, Paul Wouters wrote:
<blockquote
cite="mid:alpine.LFD.1.10.0907261246331.15037@newtla.xelerance.com"
type="cite">On Sun, 26 Jul 2009, Nick Howitt wrote:
<br>
<br>
<blockquote type="cite">code on 2.6.18-128.2.16.v5 (experimental
code)
<br>
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING:
<br>
enc alg=0 not found in constants.c:oakley_enc_names
<br>
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): Activating
<br>
<NULL>: Ok (ret=0)
<br>
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING:
<br>
enc alg=0 not found in constants.c:oakley_enc_names
<br>
</blockquote>
<br>
You can ignore these, though we should fix it. It's due to KLIPS and
NETKEY
<br>
having a different value for enc_alg=0.
<br>
<br>
<blockquote type="cite">Also, if I have left=%defaultroute in my
default conn I get the
<br>
following in /var/log/messages:
<br>
</blockquote>
<br>
Don't put it in the default conn. Put it in the individual conn.
<br>
<br>
</blockquote>
I have now moved it to each conn and it works the same irrespective of
where it is.<br>
<blockquote
cite="mid:alpine.LFD.1.10.0907261246331.15037@newtla.xelerance.com"
type="cite">
<blockquote type="cite">With left=%defaultroute in my default conn
and right=%any in conn Mark
<br>
(in ipsec.conf) in /var/log/secure I get:
<br>
</blockquote>
<br>
You cannot use both in the same conn, as pluto would not be able to
deduct
<br>
if it should be left= or right=, as both are dynamic.
<br>
<br>
</blockquote>
It used to work with CC4.3 and openswan 2.4.15 and 2.6.15.<br>
<br>
I have now put left in the conn and with left=myFQDN, right=%any, in
/var/log/messages I still get:<br>
<br>
<small><font face="Courier New">Jul 26 19:12:07 server ipsec__plutorun:
022 connection must specify host IP address for our side<br>
Jul 26 19:12:07 server ipsec__plutorun: 037 attempt to load incomplete
connection<br>
</font></small><br>
and, similarly, in /var/log/secure:<br>
<br>
<small><font face="Courier New">Jul 26 19:12:07 server pluto[19800]:
connection must specify host IP address for our side<br>
Jul 26 19:12:07 server pluto[19800]: attempt to load incomplete
connection</font></small><br>
<br>
The error messages clear and the tunnel comes up only if I define
right=farFQDN. right=%any does not work.<br>
<br>
Similarly in the conn with left=%defaultroute and right=farFQDN, I get:<br>
<br>
var/log/messages:<br>
<small><font face="Courier New">Jul 26 19:22:40 server ipsec__plutorun:
022 connection must specify host IP address for our side<br>
Jul 26 19:22:40 server ipsec__plutorun: 037 attempt to load incomplete
connection<br>
Jul 26 19:22:41 server ipsec__plutorun: 021 no connection named "MumOut"<br>
Jul 26 19:22:41 server ipsec__plutorun: 000 initiating all conns with
alias='MumOut' <br>
Jul 26 19:22:41 server ipsec__plutorun: 021 no connection named "MumOut"<br>
<br>
</font></small>/var/log/secure<br>
<font face="Courier New"><small>Jul 26 19:22:40 server pluto[20537]:
connection must specify host IP address for our side<br>
Jul 26 19:22:40 server pluto[20537]: attempt to load incomplete
connection</small></font><br>
<br>
The error messages clear and the tunnel comes up only if I define
right=farFQDN. left=%defaultroute does not work.<br>
<blockquote
cite="mid:alpine.LFD.1.10.0907261246331.15037@newtla.xelerance.com"
type="cite">Paul
<br>
</blockquote>
</body>
</html>