[Openswan Users] Openswan on FC3

Trevor Hennion trevor-os at thennion.demon.co.uk
Fri Jul 29 09:29:45 CEST 2005


Eduardo,

I can't see an 'auto' line for your 'piolin' conn block.
Therefore you need to do:
ipsec auto --add piolin
before you do
ipsec auto --up piolin
or
add 'auto = add' or 'auto=start' if it's not a roadwarrior connection.

HTH

Regards

Trevor Hennion
http://www.infocentrality.co.uk


On Friday 29 July 2005 07:34, Eduardo Detrell wrote:
> Hello:
>
> These are some lines in the file /etc/ipsec.conf:
>
> version 2.0     # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>         # klipsdebug=all
>         # plutodebug=dns
>         #interfaces=%defaultroute
>         interfaces="ipsec0=eth2"
>         klipsdebug=none
>         plutodebug=none
> #       plutoload=%search
> #       plutostart=%search
> #       keyingtries=0
>
> # Add connections here.
>
> conn piolin
>         left=AAA.BBB.CCC.DDD
>         leftnexthop=192.168.1.2
>         leftsubnet=192.168.0.0/16
>         right=192.168.101.1
>         rightnexthop=192.168.101.254
>         rightsubnet=192.168.100.0/16
>         spi=.....
>         esp=.......
>         espenckey=...........................................
>         espauthkey=............................................
>
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
>
> Thanks.
>
> Regards.
>   ----- Original Message -----
>   From: Michael Stelluti
>   To: Eduardo Detrell
>   Cc: users at openswan.org
>   Sent: Thursday, July 28, 2005 8:14 PM
>   Subject: Re: [Openswan Users] Openswan on FC3
>
>
>   Eduardo Detrell wrote:
>     Hello:
>
>     This is the answer of it:
>
>     [root at piolin ~]# ipsec auto --up piolin
>     021 no connection named "piolin"
>
>     This connection is named in /etc/ipsec.conf.
>
>     Thanks for your help.
>
>     Regards.
>       ----- Original Message -----
>       From: Michael Stelluti
>       To: Eduardo Detrell
>       Cc: users at openswan.org
>       Sent: Thursday, July 28, 2005 7:02 PM
>       Subject: Re: [Openswan Users] Openswan on FC3
>
>
>       Eduardo Detrell wrote:
>         Hello:
>
>         When I try to bring up a tunnel with this command: "ipsec manual --up piolin"
>         the system answers me: "ipsec manual: fatal error in "piolin": no
>         IPsec-enabled interfaces found"
>
>         I tested the installation:
>
>         [root at piolin ~]# ipsec verify
>         Checking your system to see if IPsec got installed and started correctly:
>         Version check and ipsec on-path                                 [OK]
>         Linux Openswan U2.3.1/K2.6.11-1.35_FC3smp (netkey)
>         Checking for IPsec support in kernel                            [OK]
>         Checking for RSA private key (/etc/ipsec.secrets)               [OK]
>         Checking that pluto is running                                  [OK]
>         Two or more interfaces found, checking IP forwarding            [OK]
>         Checking NAT and MASQUERADEing                                  [OK]
>         Checking for 'ip' command                                       [OK]
>         Checking for 'iptables' command                                 [OK]
>         Checking for 'setkey' command for NETKEY IPsec stack support    [OK]
>         Opportunistic Encryption Support                                [DISABLED]
>
>         Please, can anybody help me? Thanks.
>
>         Regards.
> ------------------------------------------------------------------------
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>   The correct command to manually initiate your connection is "ipsec auto
> --up piolin".
>
>   This line [ 021 no connection named "piolin" ] tells me that the name
> piolin is not the correct name in the ipsec.conf file, but you say it is.
>  Can you send a copy of your conn file? The name for the connection
> should be whatever you put after the word conn in your file.
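
A check for the condition described in the reply at the top of this message (a conn block with no 'auto' line), as an added example that is not part of the original thread. It assumes ipsec.conf's layout of column-one section headers with indented parameters and a "conn %default" section supplying defaults; "also=" and "include" are not followed, and the sample config and its addresses are constructed.

```python
import re

# Constructed sample modelled on the thread's config (documentation addresses).
SAMPLE = '''\
version 2.0

config setup
        interfaces="ipsec0=eth2"

conn piolin
        left=192.0.2.10
        leftsubnet=192.168.0.0/16
        right=192.168.101.1
        # auto=add   (commented out, so it does not count)

conn office
        left=192.0.2.10
        right=192.0.2.20
        auto=start

include /etc/ipsec.d/examples/no_oe.conf
'''

def conns_without_auto(text):
    """Return names of conn sections that have no effective auto= setting."""
    sections, current = {}, None
    for line in text.splitlines():
        body = line.split("#", 1)[0].rstrip()   # drop comments
        if not body.strip():
            continue
        if not body[0].isspace():
            # Column-one line: a section header, "version" or "include".
            m = re.match(r"conn\s+(\S+)$", body)
            current = m.group(1) if m else None
            if current is not None:
                sections.setdefault(current, {})
            continue
        if current is not None:
            m = re.match(r"\s+(\w+)\s*=\s*(.*)$", body)
            if m:
                sections[current][m.group(1)] = m.group(2).strip().strip('"')
    # An auto= in "conn %default" applies to every conn that lacks its own.
    default_has_auto = "auto" in sections.get("%default", {})
    return [name for name, params in sections.items()
            if name != "%default" and "auto" not in params
            and not default_has_auto]

if __name__ == "__main__":
    for name in conns_without_auto(SAMPLE):
        print(f'conn {name}: no auto= line; run "ipsec auto --add {name}" first')
```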

