[Openswan Users] Openswan on FC3

Eduardo Detrell edetrell at fain.es
Fri Jul 29 12:59:11 CEST 2005


Hello:

Well, I see a different answer:

[root at piolin ~]# ipsec auto --add piolin
[root at piolin ~]# ipsec auto --up piolin
104 "piolin" #1: STATE_MAIN_I1: initiate
010 "piolin" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "piolin" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "piolin" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "piolin" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "piolin" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "piolin" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "piolin" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "piolin" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "piolin" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
.............

Regards.


----- Original Message ----- 
From: "Trevor Hennion" <trevor-os at thennion.demon.co.uk>
To: <users at openswan.org>
Sent: Friday, July 29, 2005 9:29 AM
Subject: Re: [Openswan Users] Openswan on FC3


> Eduardo,
>
> I can't see an 'auto' line for your 'piolin' conn block.
> Therefore you need to do:
> ipsec auto --add piolin
> before you do
> ipsec auto --up piolin
> or
> add 'auto = add' or 'auto=start' if it's not a roadwarrior connection.
>
> HTH
>
> Regards
>
> Trevor Hennion
> http://www.infocentrality.co.uk
>
>
> On Friday 29 July 2005 07:34, Eduardo Detrell wrote:
>> Hello:
>>
>> These are some lines in the file /etc/ipsec.conf:
>>
>> version 2.0     # conforms to second version of ipsec.conf specification
>>
>> # basic configuration
>> config setup
>>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>>         # klipsdebug=all
>>         # plutodebug=dns
>>         #interfaces=%defaultroute
>>         interfaces="ipsec0=eth2"
>>         klipsdebug=none
>>         plutodebug=none
>> #       plutoload=%search
>> #       plutostart=%search
>> #       keyingtries=0
>>
>> # Add connections here.
>>
>> conn piolin
>>         left=AAA.BBB.CCC.DDD
>>         leftnexthop=192.168.1.2
>>         leftsubnet=192.168.0.0/16
>>         right=192.168.101.1
>>         rightnexthop=192.168.101.254
>>         rightsubnet=192.168.100.0/16
>>         spi=.....
>>         esp=.......
>>         espenckey=...........................................
>>         espauthkey=............................................
>>
>> #Disable Opportunistic Encryption
>> include /etc/ipsec.d/examples/no_oe.conf
>>
>> Thanks.
>>
>> Regards.
>>   ----- Original Message -----
>>   From: Michael Stelluti
>>   To: Eduardo Detrell
>>   Cc: users at openswan.org
>>   Sent: Thursday, July 28, 2005 8:14 PM
>>   Subject: Re: [Openswan Users] Openswan on FC3
>>
>>
>>   Eduardo Detrell wrote:
>>     Hello:
>>
>>     This is the answer to it:
>>
>>     [root at piolin ~]# ipsec auto --up piolin
>>     021 no connection named "piolin"
>>
>>     This connection is named in /etc/ipsec.conf.
>>
>>     Thanks for your help.
>>
>>     Regards.
>>       ----- Original Message -----
>>       From: Michael Stelluti
>>       To: Eduardo Detrell
>>       Cc: users at openswan.org
>>       Sent: Thursday, July 28, 2005 7:02 PM
>>       Subject: Re: [Openswan Users] Openswan on FC3
>>
>>
>>       Eduardo Detrell wrote:
>>         Hello:
>>
>>         When I try to bring up a tunnel with this command: "ipsec manual --up piolin"
>>         the system answers me:
>>         ipsec manual: fatal error in "piolin": no IPsec-enabled interfaces found
>>
>>         I tested the installation:
>>
>>         [root at piolin ~]# ipsec verify
>>         Checking your system to see if IPsec got installed and started correctly:
>>         Version check and ipsec on-path                                 [OK]
>>         Linux Openswan U2.3.1/K2.6.11-1.35_FC3smp (netkey)
>>         Checking for IPsec support in kernel                            [OK]
>>         Checking for RSA private key (/etc/ipsec.secrets)               [OK]
>>         Checking that pluto is running                                  [OK]
>>         Two or more interfaces found, checking IP forwarding            [OK]
>>         Checking NAT and MASQUERADEing                                  [OK]
>>         Checking for 'ip' command                                       [OK]
>>         Checking for 'iptables' command                                 [OK]
>>         Checking for 'setkey' command for NETKEY IPsec stack support    [OK]
>>         Opportunistic Encryption Support                                [DISABLED]
>>
>>         Please, can anybody help me? Thanks.
>>
>>         Regards.
>> ------------------------------------------------------------------------
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>>   The correct command to manually initiate your connection is
>>   "ipsec auto --up piolin".
>>
>>   This line [ 021 no connection named "piolin" ] tells me that the name
>>   piolin is not the correct name in the ipsec.conf file, but you say it is.
>>   Can you send a copy of your conn file? The name for the connection
>>   should be whatever you put after the word conn in your file.
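The check Trevor describes in the quoted reply, as an added example that is not part of the original thread: it lists the conn sections of an ipsec.conf-style file that have no effective `auto=` line, which are the ones that need `ipsec auto --add NAME` before `ipsec auto --up NAME` can find them. The function name `conns_not_loaded`, the sample file and its addresses (documentation ranges) are constructed for illustration; `also=` and `include` lines are not followed.

```shell
#!/bin/sh
# Print the names of conn sections that are not loaded automatically:
# no auto= line (or auto=ignore) and no auto= inherited from conn %default.
conns_not_loaded() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        /^[ \t]*$/ { next }                     # skip blank lines
        /^(conn|config)[ \t]/ {                 # section headers start in column 0
            cur = ($1 == "conn") ? $2 : ""
            if (cur != "" && cur != "%default" && !(cur in seen)) {
                seen[cur] = 1; order[++n] = cur
            }
            next
        }
        /^[ \t]+auto[ \t]*=/ && cur != "" {     # parameter lines are indented
            split($0, kv, "="); v = kv[2]; gsub(/[ \t]/, "", v)
            if (v == "ignore") next             # ignore means: do not load
            if (cur == "%default") default_auto = 1
            else has_auto[cur] = 1
        }
        END {
            if (default_auto) exit              # every conn inherits auto=
            for (i = 1; i <= n; i++)
                if (!(order[i] in has_auto)) print order[i]
        }
    ' "$1"
}

# Constructed sample, modelled on the structure of the config in this thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
version 2.0
config setup
        interfaces="ipsec0=eth2"
conn piolin
        left=192.0.2.10
        right=192.168.101.1
conn loaded-at-start
        left=192.0.2.10
        right=198.51.100.7
        auto=add
conn explicitly-ignored
        auto = ignore
EOF
conns_not_loaded "$sample"
```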


