[Openswan Users] OpenSwan / Netopia R5100
paul at xelerance.com
Tue Dec 20 05:27:00 CET 2005
On Tue, 13 Dec 2005, Sumit Khanna wrote:
Sorry for the late response, I have been busy.
Your barf looks mostly fine, but a few things I did notice....
> Version check and ipsec on-path [OK]
> Linux Openswan U2.4.4/K2.6.14-gentoo-r2 (netkey)
You should probably try 2.4.5rc3.
> grep: /etc/ipsec.conf: No such file or directory
> cat: /etc/ipsec.conf: No such file or directory
That is our bug. Not vital, but I made a bug report for it.
Normally I'd hate to see that, as it logs *far* too much, but....
> #> /etc/ipsec/ipsec.conf 44
> #< /etc/ipsec/tigertranz.conf 1
> conn tigertranz
Can you remove the nexthops, they should not be specified as
%defaultroute. If needed, add a leftnexthop=22.214.171.124 (but leave
out the rightnexthop). Otherwise it looks good.
> + cd /proc/sys/net/ipv4/conf
> + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter tun0/rp_filter
I recommend disabling all the rp_filter settings through sysctl.conf. Especially
since you are using NETKEY.
> Dec 13 09:07:20 [pluto] Warning: empty directory
> Dec 13 09:07:20 [ipsec_setup] ...Openswan IPsec started
> Dec 13 09:07:22 [pluto] added connection description "tigertranz"
So the conn is added.
> Dec 13 09:07:23 [pluto] "tigertranz" #1: initiating Main Mode
> Dec 13 09:07:23 [ipsec__plutorun] 104 "tigertranz" #1: STATE_MAIN_I1: initiate
> Dec 13 09:07:23 [ipsec__plutorun] ...could not start conn "tigertranz"
But that I do not understand.
> Dec 13 09:07:28 [pluto] packet from 126.96.36.199:500: initial Main Mode message received on 188.8.131.52:500 but no connection has been authorized
This also suggests the conn is not loaded. What happens when you type:
ipsec auto --add tigertranz
I got the feeling something is wrong. But that I am not seeing all the logs
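
The rp_filter advice in the message above, as an added example that is not part of the original post or of Openswan: a small shell function that reads a listing in the format the barf produces and prints the sysctl.conf lines needed to disable rp_filter where it is still on. The function name and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in the format produced by
#   cd /proc/sys/net/ipv4/conf && egrep '^' */rp_filter
# Interface names come from the barf quoted above; the values are made up.
SAMPLE='all/rp_filter:1
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:0
lo/rp_filter:0
tun0/rp_filter:1'

# Hypothetical helper: read "iface/rp_filter:value" lines on stdin and print
# one sysctl.conf line for every interface whose rp_filter is non-zero.
rp_filter_sysctl_lines() {
    while IFS=: read -r path value; do
        case "$path" in
            */rp_filter) iface=${path%/rp_filter} ;;
            *) continue ;;   # not an rp_filter entry, skip it
        esac
        case "$value" in
            0) continue ;;   # already disabled
            1|2) ;;          # strict or loose filtering is enabled
            *) printf '# unexpected value "%s" for %s\n' "$value" "$iface"
               continue ;;
        esac
        case "$iface" in
            # A dot in the interface name (e.g. a VLAN) would be read as a
            # key separator, so use the slash-separated key form instead.
            *.*) printf 'net/ipv4/conf/%s/rp_filter = 0\n' "$iface" ;;
            *)   printf 'net.ipv4.conf.%s.rp_filter = 0\n' "$iface" ;;
        esac
    done
}

# Print the lines for the constructed sample.
printf '%s\n' "$SAMPLE" | rp_filter_sysctl_lines
```

On a live system, feed it the real listing instead of the sample, append the output to /etc/sysctl.conf and load it with `sysctl -p`.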