[Openswan Users] Using 1DES :(

Rajkumar S rajkumars at asianetindia.com
Wed Aug 31 20:05:25 CEST 2005 

Hi all,

I downloaded openswan-2.3.1 and set USE_WEAKSTUFF?=true in Makefile.inc
and compiled it against linux-2.4.21 I also applied the NAT-T patch
before compiling. I am on a debian sarge box.

Compiling went well, and after starting ipsec using /etc/init.d/ipsec
start I started my tunnel using  ipsec auto --up sample

After I start the tunnel, I get a message about tunnel init and then
after about a minute a message like:

IPSEC EVENT: KLIPS device ipsec0 shut down.

Next I went through the deamon.log to look at the pluto logs and there i
saw a sig 11 for pluto and it gets killed. Pluto gets restarted after that.

Aug 31 18:13:08 localhost ipsec_setup: KLIPS debug `none'
Aug 31 18:13:08 localhost ipsec_setup: KLIPS ipsec0 on eth0
202.88.102.83/255.255.255.248 broadcast 202.88.102.255
Aug 31 18:13:08 localhost ipsec_setup: ...Openswan IPsec started
Aug 31 18:13:08 localhost ipsec_setup: Starting Openswan IPsec 2.3.1...

Aug 31 18:13:12 localhost ipsec__plutorun:
/usr/local/lib/ipsec/_plutorun: line 1: 12691 Segmentation fault
/usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets
--ipsecdir /etc/ipsec.d --debug-all --uniqueids

Aug 31 18:13:12 localhost ipsec__plutorun: !pluto failure!:  exited with
error status 139 (signal 11)

Aug 31 18:13:12 localhost ipsec__plutorun: restarting IPsec after pause...
Aug 31 18:13:22 localhost ipsec_setup: ...Openswan IPsec stopped
Aug 31 18:13:22 localhost ipsec_setup: Stopping Openswan IPsec...
Aug 31 18:13:22 localhost ipsec_setup: Removing orphaned
/var/run/pluto/pluto.pid:
Aug 31 18:13:22 localhost ipsec_setup: KLIPS debug `none'
Aug 31 18:13:22 localhost ipsec_setup: KLIPS ipsec0 on eth0
202.88.102.83/255.255.255.248 broadcast 202.88.102.255
Aug 31 18:13:22 localhost ipsec_setup: ...Openswan IPsec started
Aug 31 18:13:22 localhost ipsec_setup: Restarting Openswan IPsec 2.3.1...
Aug 31 18:13:30 localhost ipsec_setup: ...Openswan IPsec stopped
Aug 31 18:13:30 localhost ipsec_setup: Stopping Openswan IPsec...

I also did not see 1DES algo when I looked through ipsec auto --status.

000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, 
keysizemin=168, keysizemax=168
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, 
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, 
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, 
keysizemin=160, keysizemax=160

My config file is as follows:

version 2
config setup
         interfaces=%defaultroute
         klipsdebug=none
         plutodebug=all
         #uniqueids=yes

conn %default
         #keyingtries=0
         #disablearrivalcheck=no
         authby=secret
         #leftrsasigkey=%dnsondemand
         #rightrsasigkey=%dnsondemand

conn sample
         left=202.88.102.83
         leftsubnet=192.168.3.0/25
         leftnexthop=202.88.102.86
         right=202.88.101.13
         rightsubnet=13.1.1.0/24
         rightnexthop=202.88.101.1
         auto=add
         pfs=no
         keyexchange=ike
         esp=des-md5-56

Again I am stuck here, with no idea what I am doing wrong. Any help will 
be much much appreciated.

raj

More information about the Users mailing list