<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=big5">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="chsdate"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:新細明體;
panose-1:2 2 3 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@新細明體";
panose-1:2 2 3 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
/* Page Definitions */
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;
layout-grid:18.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=ZH-TW link=blue vlink=purple style='text-justify-trim:punctuation'>
<div class=Section1 style='layout-grid:18.0pt'>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Hi, ALL,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>I downloaded openswan 2.66.22 source , then make and
install in the kernel 2.66.22.5.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>I use ‘netkey’, so I executed ‘Make programs; make
install “<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>It seems that everything is fine when make and
install, <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>I did not change the content of ipsec.conf after
install l<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Then I executed “ipsec setup –start” command<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>But , I check the status it shows ipsec stopped<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>I am sure the ipsec does not start correctly . but why?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Below is the list of the commands and console show <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Please help to solve the problem.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Thanks any helps in advance<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Yhkyhk2 <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>-------------------------------------------------<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>[root @test] ipsec verify<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Checking your system to see if IPsec got installed and
started correctly:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Version check and ipsec
on-path
[OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Linux Openswan U<st1:chsdate IsROCDate="False"
IsLunarDate="False" Day="30" Month="12" Year="1899" w:st="on">2.6.22</st1:chsdate>/K2.6.22.5
(netkey)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Checking for IPsec support in
kernel
[OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>NETKEY detected, testing for disabled ICMP
send_redirects [FAILED]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'> Please disable
/proc/sys/net/ipv4/conf/*/send_redirects<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'> or NETKEY will cause the sending of bogus ICMP
redirects!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>NETKEY detected, testing for disabled ICMP
accept_redirects [FAILED]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'> Please disable
/proc/sys/net/ipv4/conf/*/accept_redirects<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'> or NETKEY will accept bogus ICMP redirects!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Checking for RSA private key
(/etc/ipsec.secrets)
[OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Checking that pluto is
running
[OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Two or more interfaces found, checking IP
forwarding [FAILED]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Checking for 'ip'
command
[OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Checking for 'iptables'
command
[OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Opportunistic Encryption
Support
[DISABLED]<o:p></o:p></span></font></p>
<div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;
padding:0cm 0cm 1.0pt 0cm'>
<p class=MsoNormal style='border:none;padding:0cm'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
</div>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'> [root @test] Ipsec setup –start<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>NET: Registered protocol family 15<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Ipsec_setup: Starting OpenSwan IPsec U<st1:chsdate
IsROCDate="False" IsLunarDate="False" Day="30" Month="12" Year="1899" w:st="on">2.6.22</st1:chsdate>/K2.6.22.5<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Initializing XFRM netlink socket<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>Padlock: VIA PadLock not detected<o:p></o:p></span></font></p>
<div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;
padding:0cm 0cm 1.0pt 0cm'>
<p class=MsoNormal style='border:none;padding:0cm'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Padlock: VIA PadLock not
detected<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>[root @test] ipsec setup –status<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>IPsec stopped<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>but...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>has /var/run/pluto/ipsec.info file!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'>An normal Pluto is active?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
</div>
</body>
</html>