<div dir="ltr"><span id="yui_3_16_0_1_1414562326910_11912" class="" style>Hi,<br><br>I am running Openswan 2.6.37 on a custom ARM board (OMAP4) running Ubuntu Core.<br>Since its a minimalistic version of Ununtu, not all commands run the way they do in Desktop Ubuntu. I had to use scripts provided in <span style="font-style:italic">/usr/local/lib/ipsec</span></span><span style="font-style:italic">/</span>. For example instead of <span style="font-style:italic">ipsec setup --start</span> I had used <span id="yui_3_16_0_1_1414562326910_11919" style="font-style:italic">ipsec _realsetup
--start</span>.<br><br class="" style clear="none">Anyways I have issued following commands:<div id="yui_3_16_0_1_1414562326910_11921" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">1) <span style="font-style:italic">ipsec _startnetkey</span></div><div id="yui_3_16_0_1_1414562326910_11924" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">2) <span style="font-style:italic">ipsec _realsetup --start</span></div><div id="yui_3_16_0_1_1414562326910_11925" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">3) <span style="font-style:italic">ipsec _plutorun</span><br class="" style clear="none"></div><div id="yui_3_16_0_1_1414562326910_11926" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal"><br class="" style clear="none"></div><div id="yui_3_16_0_1_1414562326910_11927" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">After this the <span style="font-style:italic">ipsec _realsetup --status</span> gives me:</div><div id="yui_3_16_0_1_1414562326910_11928" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal"><span style="font-style:italic">IPsec running - pluto pid: 4798<br class="" style clear="none">pluto pid 4798<br class="" style clear="none">No tunnels up</span><br class="" style clear="none"></div><div id="yui_3_16_0_1_1414562326910_11929" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal"><br class="" style clear="none"></div><div id="yui_3_16_0_1_1414562326910_11930" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">Which
should be followed by ipsec auto --add simpleIPSec and subsequently by
ipsec auto --up simpleIPSec but these commands give me:<br class="" style clear="none"><span id="yui_3_16_0_1_1414562326910_11937" style="font-style:italic">root@localhost:~# ipsec auto --add
simpleIPSec<br class="" style clear="none">Illegal instruction</span></div><div id="yui_3_16_0_1_1414562326910_11935" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal"><span id="yui_3_16_0_1_1414562326910_11936" style="font-style:italic">----------------------------------------------------------------------------------------------------------------<br class="" style clear="none">root@localhost:~# ipsec auto --up
simpleIPSec <br class="" style clear="none">pluto[4798]: initiating all conns with alias='simpleIPSec'<br class="" style clear="none">000 initiating all conns with alias='simpleIPSec'<br class="" style clear="none">021 no connection named "simpleIPSec"</span></div><div id="yui_3_16_0_1_1414562326910_11934" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal"><span id="yui_3_16_0_1_1414562326910_11933" style="font-style:italic">----------------------------------------------------------------------------------------------------------------</span></div><div id="yui_3_16_0_1_1414562326910_11932" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal"><span id="yui_3_16_0_1_1414562326910_11938" style="font-style:italic">root@localhost:~# ipsec verify<br class="" style clear="none">Checking your system to see if IPsec got installed and started correctly:<br class="" style clear="none">Version check and ipsec on-path [OK]<br class="" style clear="none">Linux Openswan U2.6.37/K3.10.12-svn149 (netkey)<br class="" style clear="none">Checking for IPsec support in
kernel [OK]<br class="" style clear="none"> SAref kernel support [N/A]<br class="" style clear="none"> NETKEY: Testing XFRM related proc values [OK]<br class="" style clear="none"> [OK]<br class="" style clear="none"> [OK]<br class="" style clear="none">Checking that pluto is
running [OK]<br class="" style clear="none"> Pluto listening for IKE on udp 500 <span class="" style="background-color:rgb(253,239,43)"></span></span><span id="yui_3_16_0_1_1414562326910_11938" style="font-style:italic"><span id="yui_3_16_0_1_1414562326910_11938" style="font-style:italic">[OK]</span> <br><span style="background-color:rgb(255,255,0)"> Pluto listening for NAT-T on udp 4500 [FAILED]<br class="" style clear="none">Two or more interfaces found, checking IP forwarding [FAILED]</span><br class="" style clear="none">Checking NAT and
MASQUERADEing [OK]<br class="" style clear="none">Checking for 'ip' command [OK]<br class="" style clear="none">Checking /bin/sh is not /bin/dash [WARNING]<br class="" style clear="none">Checking for 'iptables'
command [OK]<br class="" style clear="none">Opportunistic Encryption Support [DISABLED]</span><br class="" style clear="none">------------------------------------------------------------------------------------------------------------------</div><div id="yui_3_16_0_1_1414562326910_11939" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal"><br class="" style clear="none"></div><div id="yui_3_16_0_1_1414562326910_11940" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">1) I did
some scavenging in <span style="font-style:italic">add</span> script for adding the connections, but couldn't figure it out. I believe it requires some other command to <span style="font-style:italic">add</span> and <span style="font-style:italic">up</span> the connection.<br class="" style clear="none"></div><div id="yui_3_16_0_1_1414562326910_11942" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">2) Or the system is not picking up the right <span id="yui_3_16_0_1_1414562326910_11941" style="font-style:italic">ipsec.config</span>, since that only explains <span id="yui_3_16_0_1_1414562326910_11943" style="font-style:italic">"021 no connection named "simpleIPSec" </span>". But I did <i>ipsec barf</i> and it gave me the ipsec.config containing simpleIPSec connection.<br></div><div id="yui_3_16_0_1_1414562326910_11944" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">3) Will it help me if I resolve the two errors I received in <i>ipsec verify</i>.<br><br></div><div id="yui_3_16_0_1_1414562326910_11945" class="" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">Please let me know if you have any pointers on this one.</div><br>-- <br>Regards<div>Harsh Vardhan</div>
</div>