[Openswan Users] Does pluto miss something?

Oscar Guell oskar at lsi.upc.es
Tue Apr 20 12:33:43 CEST 2004 

Hi all,

I'm testing in a Debian  box (kernel 2.6.5) a source compiled OpenSwan
2.1.1 code with no success. I'm using PKS for testing porpouses, and I
get this log:

Apr 20 11:17:15 UpcLinux ipsec__plutorun: Starting Pluto subsystem...
Apr 20 11:17:15 UpcLinux pluto[10378]: Starting Pluto (Openswan Version 2.1.1 X.509-1.4.8 PLUTO_USES_KEYRR)
Apr 20 11:17:15 UpcLinux pluto[10378]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Apr 20 11:17:15 UpcLinux pluto[10378]: Using Linux 2.6 IPsec interface code
Apr 20 11:17:16 UpcLinux pluto[10378]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 20 11:17:16 UpcLinux pluto[10378]:   Warning: empty directory
Apr 20 11:17:16 UpcLinux pluto[10378]: Changing to directory '/etc/ipsec.d/crls'
Apr 20 11:17:16 UpcLinux pluto[10378]:   Warning: empty directory
Apr 20 11:17:16 UpcLinux pluto[10378]: added connection description "psk_roadwarrior"
Apr 20 11:17:16 UpcLinux pluto[10378]: listening for IKE messages
Apr 20 11:17:16 UpcLinux pluto[10378]: adding interface eth0/eth0 192.168.0.174
Apr 20 11:17:16 UpcLinux pluto[10378]: adding interface lo/lo 127.0.0.1
Apr 20 11:17:17 UpcLinux pluto[10378]: loading secrets from "/etc/ipsec.secrets"
Apr 20 11:17:17 UpcLinux pluto[10378]: "psk_roadwarrior" #1: initiating Main Mode
Apr 20 11:17:17 UpcLinux pluto[10378]: "psk_roadwarrior" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 20 11:17:17 UpcLinux pluto[10378]: "psk_roadwarrior" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 20 11:17:17 UpcLinux pluto[10378]: "psk_roadwarrior" #1: Peer ID is ID_IPV4_ADDR: '147.83.12.9'
Apr 20 11:17:17 UpcLinux pluto[10378]: "psk_roadwarrior" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 20 11:17:17 UpcLinux pluto[10378]: "psk_roadwarrior" #1: ISAKMP SA established
Apr 20 11:17:17 UpcLinux pluto[10378]: "psk_roadwarrior" #2: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}
Apr 20 11:17:18 UpcLinux pluto[10378]: "psk_roadwarrior" #2: ERROR: netlink response for Add SA comp.5fe4 at 192.168.0.174 included errno 2: No such file or directory
[.......]

I think pluto misses a file but I have no idea which one could be. Any
suggestion?
 
The 'ipsec.conf'  and 'ipsec.secrets' should be good  because they are
used successfully  in a  Red Hat  9 with the  same kernel  version and
openswan version.

I attach more information in case it would be needed:

root~# ipsec whack --status
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.0.174
000 %myid = (none)
000 debug none
000
000 "psk_roadwarrior": 192.168.0.174---192.168.0.1...147.83.12.5---147.83.12.9===147.83.0.0/16; erouted HOLD; eroute owner: #0
000 "psk_roadwarrior":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "psk_roadwarrior":   policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 32,16; interface: eth0;
000 "psk_roadwarrior":   newest ISAKMP SA: #1; newest IPsec SA: #0;
000
000 #4: "psk_roadwarrior" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 26s
000 #3: "psk_roadwarrior" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 26s
000 #1: "psk_roadwarrior" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2390s; newest ISAKMP
000
000 192.168.0.174/32:0 -17-> 147.83.2.10/32:0 => %hold 0    %acquire-netlink
000 192.168.0.174/32:0 -17-> 147.83.2.3/32:0 => %hold 0    %acquire-netlink


Thanks!
Oskar.

More information about the Users mailing list