[Openswan Users] Can't connect...

Clif Smith openswan at cjs226.com
Sat Apr 23 02:41:53 CEST 2005 

Please help!  I'm trying to establish a connection:
  - from my FC3 system with the IP 192.168.1.21
  - through my linksys router with the private IP 192.168.1.1 and the 
public IP $HOME_IP
  - to a Sonicwall TZ170 with the public IP $WORK_IP and the private IP 
10.1.1.1
  - to connect to the subnet 10.1.1.0/24

Here's my ipsec.conf:
conn work
        # Left security gateway, subnet behind it, next hop toward right.
        left=192.168.1.21
        leftsubnet=192.168.1.0/24
        leftnexthop=$HOME_IP
        # Right security gateway, subnet behind it, next hop toward left.
        right=10.1.1.1
        rightsubnet=10.1.1.0/24
        rightnexthop=$WORK_IP

Here's my ipsec.secrets:
$WORK_IP $HOME_IP : PSK "$SHARED_SECRET"

Here's the log:
Apr 22 21:58:13 centipede ipsec__plutorun: Starting Pluto subsystem...
Apr 22 21:58:13 centipede pluto[7972]: Starting Pluto (Openswan Version 
2.3.1 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID 
OEExalF{_o`m)
Apr 22 21:58:13 centipede pluto[7972]: Setting port floating to off
Apr 22 21:58:13 centipede pluto[7972]: port floating activate 0/1
Apr 22 21:58:13 centipede pluto[7972]:   including NAT-Traversal patch 
(Version 0.6c) [disabled]
Apr 22 21:58:13 centipede pluto[7972]: | opening /dev/urandom
Apr 22 21:58:13 centipede pluto[7972]: | inserting event 
EVENT_REINIT_SECRET, timeout in 3600 seconds
Apr 22 21:58:13 centipede pluto[7972]: | inserting event 
EVENT_PENDING_PHASE2, timeout in 120 seconds
Apr 22 21:58:13 centipede pluto[7972]: ike_alg_register_enc(): 
Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 22 21:58:13 centipede pluto[7972]: starting up 1 cryptographic helpers
Apr 22 21:58:13 centipede pluto[7973]: | opening /dev/urandom
Apr 22 21:58:13 centipede pluto[7972]: started helper pid=7973 (fd:6)
Apr 22 21:58:13 centipede pluto[7972]: | process 7972 listening for 
PF_KEY_V2 on file descriptor 7
Apr 22 21:58:13 centipede pluto[7972]: Using Linux 2.6 IPsec interface code
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_hdr_build:
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbffc38d0 
pfkey_ext=0p0xbffc4930 *pfkey_ext=0p(nil).
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbffc38d0 
pfkey_ext=0p0xbffc4930 *pfkey_ext=0p0x8726dc0.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x8726dd8 allocated 16 
bytes, &(extensions[0])=0p0xbffc4930
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, 
seen=00000001, required=00000001.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, 
type=7(register), errno=0, satype=2(AH), len=2, res=0, seq=1, pid=7972.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: remain=0
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, 
required=00000001.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, 
seen=00000001, required=00000001.
Apr 22 21:58:13 centipede pluto[7972]: | finish_pfkey_msg: SADB_REGISTER 
message 1 for AH
Apr 22 21:58:13 centipede pluto[7972]: |   02 07 00 02  02 00 00 00  01 
00 00 00  24 1f 00 00
Apr 22 21:58:13 centipede pluto[7972]: | pfkey_get: SADB_REGISTER message 1
Apr 22 21:58:13 centipede pluto[7972]: | AH registered with kernel.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_hdr_build:
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbffc38d0 
pfkey_ext=0p0xbffc4930 *pfkey_ext=0p(nil).
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbffc38d0 
pfkey_ext=0p0xbffc4930 *pfkey_ext=0p0x8726dc0.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x8726dd8 allocated 16 
bytes, &(extensions[0])=0p0xbffc4930
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, 
seen=00000001, required=00000001.
Apr 22 21:58:13 centipede pluto[7973]: ! helper 0 waiting on fd: 7
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, 
type=7(register), errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=7972.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: remain=0
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, 
required=00000001.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, 
seen=00000001, required=00000001.
Apr 22 21:58:13 centipede pluto[7972]: | finish_pfkey_msg: SADB_REGISTER 
message 2 for ESP
Apr 22 21:58:13 centipede pluto[7972]: |   02 07 00 03  02 00 00 00  02 
00 00 00  24 1f 00 00
Apr 22 21:58:13 centipede pluto[7972]: | pfkey_get: SADB_REGISTER message 2
Apr 22 21:58:13 centipede pluto[7972]: | alg_init():memset(0x80f2c20, 0, 
2016) memset(0x80f3400, 0, 2048)
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=40
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=14, alg_id=251
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, 
alg_minbits=0, alg_maxbits=0, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=14, alg_id=2
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, 
alg_minbits=128, alg_maxbits=128, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=14, alg_id=3
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, 
alg_minbits=160, alg_maxbits=160, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=14, alg_id=5
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, 
alg_minbits=256, alg_maxbits=256, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=64
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=15, alg_id=11
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0, 
alg_minbits=0, alg_maxbits=0, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=15, alg_id=2
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8, 
alg_minbits=64, alg_maxbits=64, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=15, alg_id=3
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8, 
alg_minbits=192, alg_maxbits=192, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=15, alg_id=7
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=7, alg_ivlen=8, 
alg_minbits=40, alg_maxbits=448, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=15, alg_id=12
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=12, alg_ivlen=8, 
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=15, alg_id=252
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=252, alg_ivlen=8, 
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_add():satype=3, 
exttype=15, alg_id=253
Apr 22 21:58:13 centipede pluto[7972]: | kernel_alg_register_pfkey(): 
SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=253, alg_ivlen=8, 
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Apr 22 21:58:13 centipede pluto[7972]: | ESP registered with kernel.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_hdr_build:
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbffc38d0 
pfkey_ext=0p0xbffc4930 *pfkey_ext=0p(nil).
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbffc38d0 
pfkey_ext=0p0xbffc4930 *pfkey_ext=0p0x8726dc0.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x8726dd8 allocated 16 
bytes, &(extensions[0])=0p0xbffc4930
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, 
seen=00000001, required=00000001.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, 
type=7(register), errno=0, satype=9(IPIP), len=2, res=0, seq=3, pid=7972.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: remain=0
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, 
required=00000001.
Apr 22 21:58:13 centipede pluto[7972]: | 
pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, 
seen=00000001, required=00000001.
Apr 22 21:58:13 centipede pluto[7972]: | finish_pfkey_msg: SADB_REGISTER 
message 3 for IPCOMP
Apr 22 21:58:13 centipede pluto[7972]: |   02 07 00 09  02 00 00 00  03 
00 00 00  24 1f 00 00
Apr 22 21:58:13 centipede pluto[7972]: | pfkey_get: SADB_REGISTER message 3
Apr 22 21:58:13 centipede pluto[7972]: | IPCOMP registered with kernel.
Apr 22 21:58:13 centipede pluto[7972]: Changing to directory 
'/etc/ipsec.d/cacerts'
Apr 22 21:58:13 centipede pluto[7972]: Changing to directory 
'/etc/ipsec.d/aacerts'
Apr 22 21:58:13 centipede pluto[7972]: Changing to directory 
'/etc/ipsec.d/ocspcerts'
Apr 22 21:58:13 centipede pluto[7972]: Changing to directory 
'/etc/ipsec.d/crls'
Apr 22 21:58:13 centipede pluto[7972]:   Warning: empty directory
Apr 22 21:58:13 centipede pluto[7972]: | inserting event 
EVENT_LOG_DAILY, timeout in 7307 seconds
Apr 22 21:58:13 centipede pluto[7972]: | next event EVENT_PENDING_PHASE2 
in 120 seconds
Apr 22 21:58:13 centipede pluto[7972]: |
Apr 22 21:58:13 centipede pluto[7972]: | *received whack message
Apr 22 21:58:13 centipede pluto[7972]: listening for IKE messages
Apr 22 21:58:13 centipede pluto[7972]: | found lo with address 127.0.0.1
Apr 22 21:58:13 centipede pluto[7972]: | found eth0 with address 
192.168.1.21
Apr 22 21:58:13 centipede pluto[7972]: adding interface eth0/eth0 
192.168.1.21:500
Apr 22 21:58:13 centipede pluto[7972]: adding interface lo/lo 127.0.0.1:500
Apr 22 21:58:14 centipede pluto[7972]: | found lo with address 
0000:0000:0000:0000:0000:0000:0000:0001
Apr 22 21:58:14 centipede pluto[7972]: adding interface lo/lo ::1:500
Apr 22 21:58:14 centipede pluto[7972]: loading secrets from 
"/etc/ipsec.secrets"
Apr 22 21:58:14 centipede pluto[7972]: | next event EVENT_PENDING_PHASE2 
in 119 seconds

More information about the Users mailing list