[Openswan dev] openswan+netkey bug
tianma217
tianma217 at yeah.net
Fri Mar 26 07:01:47 EDT 2010
hello,everyone:
I have got a problem,as follows
bwb ipsec # ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.24/K2.6.26 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [FAILED]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
the error logs:
104 "adf" #1: STATE_MAIN_I1: initiate
003 "adf" #1: ignoring unknown Vendor ID payload [4f454e7c454d716b5f4d6c67]
003 "adf" #1: received Vendor ID payload [Dead Peer Detection]
106 "adf" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "adf" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "adf" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
117 "adf" #2: STATE_QUICK_I1: initiate
003 "adf" #2: ERROR: netlink response for Add SA esp.6fea136c at 192.168.12.33 included errno 93: Protocol not supported
032 "adf" #2: STATE_QUICK_I1: internal error
the logs from startup to failure is in the attachment.
t
2010-03-26
tianma217
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20100326/6eedea9b/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: messages
Type: application/octet-stream
Size: 92628 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20100326/6eedea9b/attachment-0001.obj
More information about the Dev
mailing list