[Openswan Users] Openswan IPsec help please
paul at xelerance.com
Wed Dec 28 18:48:51 CET 2005
On Wed, 28 Dec 2005, Michael Jeffries wrote:
> I am using Linux Openswan U2.3.0/K2.6.9-11.EL on a Centos linux machine.
If this is centos3 (aka RHEL3) then the kernel is just too buggy to use. Use
a newer stock kernel or a centos4 kernel.
> Any little bit of help will be appreciated for me to get this tunnel up, as the system keeps on complain when I start it up about "ipsec__plutorun: ...could not start conn "tunnelipsec"
> my /var/log/messages looks as follows when I start up the service
> Dec 28 17:11:31 bb kernel: NET: Unregistered protocol family 15
> Dec 28 17:11:31 bb ipsec_setup: ...Openswan IPsec stopped
> Dec 28 17:11:31 bb ipsec_setup: Stopping Openswan IPsec...
> Dec 28 17:11:32 bb kernel: NET: Registered protocol family 15
> Dec 28 17:11:32 bb ipsec_setup: KLIPS ipsec0 on eth0 10.3.1.9/255.255.255.0 broadcast 10.3.1.255
> Dec 28 17:11:32 bb ipsec_setup: ...Openswan IPsec started
> Dec 28 17:11:32 bb ipsec_setup: Starting Openswan IPsec 2.3.0...
> Dec 28 17:11:32 bb ipsec_setup: insmod /lib/modules/2.6.9-11.EL/kernel/net/key/af_key.ko
> Dec 28 17:11:32 bb ipsec_setup: insmod /lib/modules/2.6.9-11.EL/kernel/net/ipv4/xfrm4_tunnel.ko
> Dec 28 17:11:33 bb ipsec__plutorun: 104 "tunnelipsec" #1: STATE_MAIN_I1: initiate
> Dec 28 17:11:33 bb ipsec__plutorun: ...could not start conn "tunnelipsec"
It doesnot say why. Can you run: ipsec auto --add tunnelipsec and ipsec auto --up tunnelipsec
and get a more elaborate error message for us?
> conn tunnelipsec
> left=10.3.1.9 # Local ip
> leftsubnet=10.1.1.0/24 #Local network
> right=10.100.10.101 #Remote ip address
> rightsubnet=188.8.131.52/24 # Remote network
> esp= des-md5-96
don't use 1des. It is not compiled in per default since it is too weak.
Use 3des or aes instead.
More information about the Users