[Openswan Users] packet rejected: should have been encrypted - more logs

Bram Bouwens bbouwens at xs4all.nl
Tue Jul 5 11:30:58 CEST 2005


Paul Wouters wrote:
> On Mon, 4 Jul 2005, Bram Bouwens wrote:
> 
>> For a more complete picture:
>>
>> - the openswan ipsec.conf at http://80.126.5.18/ipsec.conf
>> - the openswan log at http://80.126.5.18/secure.log (why does Pluto 
>> restart????)
> 
> 
>> Starting Pluto (Openswan Version cvs2002Mar11_19:19:03
> 
> 
> Please try 2.3.1
> 
Nou breekt m'n klomp...

# rpm -q openswan
openswan-2.3.1-21.rh7.3.at

So I downloaded the official sources and compiled the package myself.

# ipsec --version
Linux Openswan U2.3.1/K2.1.2rc3 (klips)

That's better....

>> - the windows ipsec.conf at http://80.126.5.18/winipsec.conf
>> - the windows oakley log at http://80.126.5.18/oakley.log (GetPacket 
>> failed? CertFindExtenstion failed?)
> 
> 
> If you are unsure about whether the certificate has imported correctly, use
> certimport.exe to re-import the certificate. It's on ft.openswan.org.

OK, did that too, just to be sure. certimport.exe reported it already
had the equivalent cert.
> 
>> I really don't see what's happening. I have been running 
>> freeswan/openswan
>> for 4 years (linux-linux) with hardly any trouble, but this is pretty 
>> vague to me.
> 
> 
> I am not sure what is happening either. I suspect a bug in the CVS version
> of openswan that you are running.

With 2.3.1 the behaviour is very much the same. I updated the logfiles pointed
to above.

So ... more suggestions are welcome.

Bram


More information about the Users mailing list