[Openswan Users] ipsec needed restart
Paul Wouters
paul at xelerance.com
Tue Nov 8 18:29:10 CET 2005
On Tue, 8 Nov 2005, sasa wrote:
> Hi, I use Openswan version 2.3.1-21 on Fedora Core 1 with kernel 2.4.22, but
> I have a problem that forces me to restart the ipsec service.
> conn left-road
>     auto=add
>     authby=secret
>     pfs=no
>     type=transport
>     left=1.2.3.4
>     leftnexthop=1.2.3.5
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/1701
> include /etc/ipsec.d/examples/no_oe.conf
You probably want to comment out type=transport (it will still use transport
mode) and add rightsubnet=vhost:%no,%priv if you want to be able to use l2tp
from behind a NAT router. You also need nat_traversal=yes and the appropriate
virtual_private setting.
> ipsec_setup: Attempt to shut Pluto down failed! Trying kill:
> ipsec_setup: /usr/lib/ipsec/_realsetup: line 1: kill: (28664) - No such
> process
> ipsec_setup: Starting Openswan IPsec Ucvs2002Mar11_19:19:03/K2.1.2rc3..
That is not 2.3.1, but some cvs version? Please upgrade to 2.4.x.
> OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
> Nov 7 17:41:51 test2 pluto[28664]: "left-road"[6] 81.174.38.254 #1071:
> OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
> Nov 7 17:41:51 test2 pluto[28664]: "left-road"[6] x.x.x.x #1071: no
> acceptable Oakley Transform
Upgrade the Windows client. It is asking for 1DES instead of 3DES.
> Nov 7 17:41:51 test2 pluto[28664]: "left-road"[6] x.x.x.x #1071: failed to
> build notification for spisize=0
This warning has been fixed too.
Paul
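
The pluto messages quoted in this thread can be triaged automatically to see which peers were rejected for offering single DES. The following is an added example, not part of the original message or of Openswan; the function name, the record layout and the sample log (built from the lines quoted above, with documentation-range peer addresses) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the pluto lines quoted in the thread;
# peer addresses are documentation-range placeholders.
SAMPLE_LOG = """\
Nov  7 17:41:51 test2 pluto[28664]: "left-road"[6] 192.0.2.10 #1071: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Nov  7 17:41:51 test2 pluto[28664]: "left-road"[6] 192.0.2.10 #1071: no acceptable Oakley Transform
Nov  7 17:41:51 test2 pluto[28664]: "left-road"[6] 192.0.2.10 #1071: failed to build notification for spisize=0
Nov  7 17:42:03 test2 pluto[28664]: "left-road"[7] 198.51.100.7 #1072: no acceptable Oakley Transform
Nov  7 17:42:10 test2 sshd[311]: unrelated line
"""

# conn name, optional instance number, peer address, state number, message
PLUTO_RE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) '
    r'#(?P<state>\d+): (?P<msg>.*)$'
)
UNSUPPORTED_RE = re.compile(r'^(OAKLEY_\w+) is not supported')


def rejected_proposals(log_text):
    """One record per IKE state that ended in 'no acceptable Oakley Transform',
    listing the algorithms pluto reported as unsupported for that state."""
    states = defaultdict(lambda: {"unsupported": [], "rejected": False})
    for line in log_text.splitlines():
        m = PLUTO_RE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        entry = states[(m["conn"], m["peer"], int(m["state"]))]
        alg = UNSUPPORTED_RE.match(m["msg"])
        if alg and alg.group(1) not in entry["unsupported"]:
            entry["unsupported"].append(alg.group(1))
        elif m["msg"].startswith("no acceptable Oakley Transform"):
            entry["rejected"] = True
    return [
        {"conn": c, "peer": p, "state": s, "unsupported": e["unsupported"],
         "single_des": "OAKLEY_DES_CBC" in e["unsupported"]}
        for (c, p, s), e in sorted(states.items(), key=lambda kv: kv[0][2])
        if e["rejected"]
    ]


if __name__ == "__main__":
    for rec in rejected_proposals(SAMPLE_LOG):
        print(rec)
```

Records with `single_des` set point at clients that need their IKE proposal upgraded; rejected states without it failed for some other transform mismatch.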