[Openswan Users] pluto aborts without a real error message

Eberhard von Kitzing Eberhard.v.Kitzing at arcor.de
Thu Oct 14 21:03:00 CEST 2004


Hi,

I use Openswan 2.2.0 with a 2.6.8 kernel under Debian. When I start ipsec
using "ipsec setup start" I get the following message in syslog and
the same in daemon.log:

Oct 14 19:31:53 Eberhard ipsec_setup: KLIPS ipsec0 on ppp0 145.254.219.72/255.255.255.255 pointopoint 145.253.1.158
Oct 14 19:31:53 Eberhard ipsec_setup: ...Openswan IPsec started
Oct 14 19:31:53 Eberhard ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.8...
Oct 14 19:31:54 Eberhard ipsec__plutorun: 104 "extern" #1: STATE_MAIN_I1: initiate
Oct 14 19:31:54 Eberhard ipsec__plutorun: ...could not start conn "extern"

------------------------------------

I have no idea what went wrong. No error is indicated. I switched all 
debug info on.

I use the following ipsec.conf file:

------------------------------------

config setup
	interfaces=%defaultroute
	klipsdebug=all
	plutodebug=all

conn %default
	rightrsasigkey=%cert
	leftrsasigkey=%cert

conn extern
	# general setup
	# local IP
	left=%defaultroute
	leftnexthop=
	# remote
	right=fodi-soft-ft.dyndns.org
	rightsubnet=10.2.0.0/24
	rightnexthop=
	# automatic keying
	auto=start
	authby=secret
	pfs=yes

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

------------------------------------

According to ipsec verify, everything is o.k.

------------------------------------

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                  	[OK]
Linux Openswan U2.2.0/K2.6.8 (native)
Checking for IPsec support in kernel                             	[OK]
Checking for RSA private key (/etc/ipsec.secrets)                	[FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                   	[OK]
Two or more interfaces found, checking IP forwarding             	[OK]
Checking NAT and MASQUERADEing                                   	[N/A]
Checking for 'ip' command                                        	[OK]
Checking for 'iptables' command                                  	[OK]
Checking for 'curl' command for CRL fetching                     	[OK]
Checking for 'setkey' command for native IPsec stack support     	[OK]

Opportunistic Encryption DNS checks:
    Looking for TXT in forward dns zone: Eberhard                	[MISSING]
Eberhard does not exist, try again
    Does the machine have at least one non-private address?      	[FAILED]

------------------------------------

RSA and opportunistic keying are not used. Instead we use private
shared keys. Both IPs are dynamic. Where can I look for further
information?

All the best, Eberhard

