[Openswan dev] No tunnels up

Fernanda Coelho fernandafbc at gmail.com
Mon Feb 28 10:33:15 CET 2005


Hi ,
I know this is a developer list, but this is urgent :

I am trying to setup a simple "test" connection and pings route
accross fine but there seems to be no encryption occuring.

192.168.2.0/24===192.168.1.105---192.168.1.106===192.168.2.0/24

Arch: I am running Slackware 10  2.6.9 Kernel
Soft: Installed  openswan-2.3.0dr2.

When running 'ipsec auto --up conn-name' I get:

104 "net" #5: STATE_MAIN_I1: initiate
003 "net" #5: received Vendor ID payload [Dead Peer Detection]
106 "net" #5: STATE_MAIN_I2: sent MI2, expecting MR2
108 "net" #5: STATE_MAIN_I3: sent MI3, expecting MR3
004 "net" #5: STATE_MAIN_I4: ISAKMP SA established
117 "net" #6: STATE_QUICK_I1: initiate
004 "net" #6: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0xe44c222a <0x44ef47be}

If I run a '/etc/rc.d/rc.ipsec status' I get the following output:

IPsec running
pluto pid ......
No tunnels up

And if I run a 'ipsec look', then I get the  following:

snoop Thu Feb 24 14:15:48 BRT 2005
cat: /proc/net/ipsec_spigrp: No such file or directory
cat: /proc/net/ipsec_eroute: No such file or directory
egrep: /proc/net/ipsec_tncfg: No such file or directory
sort: open failed: /proc/net/ipsec_spi: No such file or directory
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.2.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0

ipsec.conf is setup as follows ...

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
       interfaces="ipsec0=eth0"
       klipsdebug=none
       plutodebug=none
       uniqueids=yes
conn net
       left=192.168.1.105
       leftsubnet=192.198.2.0/24
       leftrsasigkey=<a very long key>
       leftnexthop=192.168.1.106
       right=192.168.1.106
       rightsubnet=192.198.2.0/24
       rightrsasigkey=<a very long key>
       rightnexthop=192.168.1.105
       auto=add

I verified my rsasigkeys to what is in the ipsec.secrets files.

The addresses 192.168.1.105 and  192.168.1.106 are aliases, there's
any problem?
So, I dond know what's wrong ....

Any help is greatly appreciated!
Thanks,
Fernanda


More information about the Dev mailing list