[Openswan Users] Pluto not running???
Matthew Claridge
mclaridge at rwa-net.co.uk
Mon Aug 16 16:42:23 CEST 2004
Hi,
I'm trying to set up an openswan (v2.1.2) VPN on a RHEL box, but I'm
having some difficulties. I've followed the installation and
configuration instructions and installed the userland tools from source
- so far I've got the following:
/etc/ipsec.conf
==========
config setup
        interfaces=%defaultroute
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none

conn tunnelipsec
        type=tunnel
        left=62.x.x.x
        leftnexthop=%defaultroute
        leftsubnet=172.x.x.x/24
        right=194.x.x.x
        rightnexthop=%defaultroute
        rightsubnet=145.x.x.x/24
        esp=3des-md5-96
        keyexchange=ike
        pfs=no
        auto=start

/etc/ipsec.secrets
============
62.x.x.x 194.x.x.x: PSK "my_secret"
I'm starting ipsec with:
/usr/local/sbin/ipsec auto --up tunnelipsec
and then I get the following error:
whack: Pluto is not running (no "/var/run/pluto.ctl")
There's nothing in the docs about having to start Pluto so I'm a bit
stumped....
/usr/local/ipsec verify gives the following:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.1.2/K2.4.21-15.0.3.ELsmp (native) (native)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [FAILED]
whack: Pluto is not running (no "/var/run/pluto.ctl")
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Checking for 'setkey' command for native IPsec stack support    [FAILED]
which: no setkey in (/sbin:/usr/bin:/usr/local/sbin:/usr/local/sbin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin)
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: mickey.rwa-net.co.uk       [MISSING]
Does the machine have at least one non-private address?         [OK]
Looking for TXT in reverse dns zone: 36.139.189.62.in-addr.arpa. [MISSING]
Hope someone can help....thanks in advance
Matt