[Openswan Users] Wrong ISAKMP-Port

Daniel Woithe woithe at gmx.net
Sun Jun 19 16:45:49 CEST 2005


> On Sun, 19 Jun 2005, Daniel Woithe wrote:

>> The problem is the isakmp-port - instead of using the default port 500,
>> openswan expects packets on port 244. i haven't found a parameter to
>> change this.

> Is there a nat router?
> Can you show us the logs of openswan? (with plutodebug=none and
> klipsdebug=none)

No, i think, i'm not using NAT.

Okay - here we have the startup-information...

Jun 19 15:29:19 ixp425 daemon.err ipsec_setup: KLIPS ipsec0 on ath0 192.168.1.1/255.255.255.0 broadcast 192.168.1.255
Jun 19 15:29:19 ixp425 authpriv.err ipsec__plutorun: Starting Pluto subsystem...
Jun 19 15:29:19 ixp425 daemon.err ipsec_setup: ...Openswan IPsec started
Jun 19 15:29:19 ixp425 authpriv.warn pluto[11815]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Jun 19 15:29:19 ixp425 authpriv.warn pluto[11815]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Jun 19 15:29:19 ixp425 authpriv.warn pluto[11815]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun 19 15:29:19 ixp425 authpriv.warn pluto[11815]: Using Linux 2.6 IPsec interface code
Jun 19 15:29:20 ixp425 authpriv.warn pluto[11815]: Changing to directory '/etc/ipsec/ipsec.d/cacerts'
Jun 19 15:29:20 ixp425 authpriv.warn pluto[11815]:   loaded CA cert file 'cacert.pem' (1241 bytes)
Jun 19 15:29:20 ixp425 authpriv.warn pluto[11815]: Could not change to directory '/etc/ipsec/ipsec.d/aacerts'
Jun 19 15:29:20 ixp425 authpriv.warn pluto[11815]: Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts'
Jun 19 15:29:20 ixp425 authpriv.warn pluto[11815]: Changing to directory '/etc/ipsec/ipsec.d/crls'
Jun 19 15:29:20 ixp425 authpriv.warn pluto[11815]:   Warning: empty directory
Jun 19 15:29:20 ixp425 daemon.err ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.11.2...
Jun 19 15:29:21 ixp425 authpriv.warn pluto[11815]:   loaded host cert file '/etc/ipsec/ipsec.d/certs/cert-srv.pem' (1251 bytes)
Jun 19 15:29:21 ixp425 authpriv.warn pluto[11815]:   loaded host cert file '/etc/ipsec/ipsec.d/certs/cert-clt.pem' (2338 bytes)
Jun 19 15:29:21 ixp425 authpriv.warn pluto[11815]: added connection description "lan"
Jun 19 15:29:21 ixp425 authpriv.warn pluto[11815]: listening for IKE messages
Jun 19 15:29:21 ixp425 authpriv.warn pluto[11815]: adding interface eth0/eth0 192.168.0.25
Jun 19 15:29:21 ixp425 authpriv.warn pluto[11815]: adding interface ath0/ath0 192.168.1.1
Jun 19 15:29:21 ixp425 authpriv.warn pluto[11815]: adding interface lo/lo 127.0.0.1
Jun 19 15:29:21 ixp425 authpriv.warn pluto[11815]: loading secrets from "/etc/ipsec/ipsec.secrets"
Jun 19 15:29:21 ixp425 authpriv.warn pluto[11815]:   loaded private key file '/etc/ipsec/ipsec.d/private/key-srv.pem' (1089 bytes)


And this happens, when i try to connect from another pc:

Jun 19 15:32:24 ixp425 authpriv.warn pluto[11815]: packet from 192.168.1.100:500: initial Main Mode message received on 192.168.1.1:500 but no connection has been authorized



Greets
Daniel




More information about the Users mailing list