[Openswan Users] Using 1DES :(
Rajkumar S
rajkumars at asianetindia.com
Wed Aug 31 20:05:25 CEST 2005
Hi all,
I downloaded openswan-2.3.1 and set USE_WEAKSTUFF?=true in Makefile.inc
and compiled it against linux-2.4.21 I also applied the NAT-T patch
before compiling. I am on a debian sarge box.
Compiling went well, and after starting ipsec using /etc/init.d/ipsec
start I started my tunnel using ipsec auto --up sample
After I start the tunnel, I get a message about tunnel init and then
after about a minute a message like:
IPSEC EVENT: KLIPS device ipsec0 shut down.
Next I went through the deamon.log to look at the pluto logs and there i
saw a sig 11 for pluto and it gets killed. Pluto gets restarted after that.
Aug 31 18:13:08 localhost ipsec_setup: KLIPS debug `none'
Aug 31 18:13:08 localhost ipsec_setup: KLIPS ipsec0 on eth0
202.88.102.83/255.255.255.248 broadcast 202.88.102.255
Aug 31 18:13:08 localhost ipsec_setup: ...Openswan IPsec started
Aug 31 18:13:08 localhost ipsec_setup: Starting Openswan IPsec 2.3.1...
Aug 31 18:13:12 localhost ipsec__plutorun:
/usr/local/lib/ipsec/_plutorun: line 1: 12691 Segmentation fault
/usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets
--ipsecdir /etc/ipsec.d --debug-all --uniqueids
Aug 31 18:13:12 localhost ipsec__plutorun: !pluto failure!: exited with
error status 139 (signal 11)
Aug 31 18:13:12 localhost ipsec__plutorun: restarting IPsec after pause...
Aug 31 18:13:22 localhost ipsec_setup: ...Openswan IPsec stopped
Aug 31 18:13:22 localhost ipsec_setup: Stopping Openswan IPsec...
Aug 31 18:13:22 localhost ipsec_setup: Removing orphaned
/var/run/pluto/pluto.pid:
Aug 31 18:13:22 localhost ipsec_setup: KLIPS debug `none'
Aug 31 18:13:22 localhost ipsec_setup: KLIPS ipsec0 on eth0
202.88.102.83/255.255.255.248 broadcast 202.88.102.255
Aug 31 18:13:22 localhost ipsec_setup: ...Openswan IPsec started
Aug 31 18:13:22 localhost ipsec_setup: Restarting Openswan IPsec 2.3.1...
Aug 31 18:13:30 localhost ipsec_setup: ...Openswan IPsec stopped
Aug 31 18:13:30 localhost ipsec_setup: Stopping Openswan IPsec...
I also did not see 1DES algo when I looked through ipsec auto --status.
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64,
keysizemin=168, keysizemax=168
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
My config file is as follows:
version 2
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=all
#uniqueids=yes
conn %default
#keyingtries=0
#disablearrivalcheck=no
authby=secret
#leftrsasigkey=%dnsondemand
#rightrsasigkey=%dnsondemand
conn sample
left=202.88.102.83
leftsubnet=192.168.3.0/25
leftnexthop=202.88.102.86
right=202.88.101.13
rightsubnet=13.1.1.0/24
rightnexthop=202.88.101.1
auto=add
pfs=no
keyexchange=ike
esp=des-md5-56
Again I am stuck here, with no idea what I am doing wrong. Any help will
be much much appreciated.
raj
More information about the Users
mailing list