[Openswan dev] openswan+netkey bug

tianma217 tianma217 at yeah.net
Fri Mar 26 07:01:47 EDT 2010


I have got a problem,as follows

bwb ipsec # ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.24/K2.6.26 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Pluto listening for IKE on udp 500                              [OK]
Pluto listening for NAT-T on udp 4500                           [FAILED]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]

the error logs:
104 "adf" #1: STATE_MAIN_I1: initiate
003 "adf" #1: ignoring unknown Vendor ID payload [4f454e7c454d716b5f4d6c67]
003 "adf" #1: received Vendor ID payload [Dead Peer Detection]
106 "adf" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "adf" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "adf" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
117 "adf" #2: STATE_QUICK_I1: initiate
003 "adf" #2: ERROR: netlink response for Add SA esp.6fea136c at included errno 93: Protocol not supported
032 "adf" #2: STATE_QUICK_I1: internal error

the logs from startup to failure is in the attachment.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20100326/6eedea9b/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: messages
Type: application/octet-stream
Size: 92628 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20100326/6eedea9b/attachment-0001.obj 

More information about the Dev mailing list