[Openswan Users] VPN connection to server behind firewall

Giovani Moda - MR Informática giovani at mrinformatica.com.br
Thu Nov 10 15:50:21 CET 2005


Oddly enough, I could not reproduce this behavior today. I'm trying to 
replicate all the changes I made to the config yesterday, but none of 
them seems to trigger this error.

Anyway, I'll give it a try again later. Maybe it only occurs when NAT-T is 
brought up, which I can't replicate right now.

Following is my log file from yesterday:

Nov  9 22:23:26 main ipsec__plutorun: restarting IPsec after pause...
Nov  9 22:23:36 main ipsec_setup: Removing orphaned 
/var/run/pluto/pluto.pid:
Nov  9 22:23:37 main ipsec__plutorun: 003 ASSERTION FAILED at 
connections.c:1358: isanyaddr(&c->spd.that.host_addr)
Nov  9 22:23:37 main ipsec__plutorun: 000 %myid = (none)
Nov  9 22:23:37 main ipsec__plutorun: 000 debug none
Nov  9 22:23:37 main ipsec__plutorun: 000
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm ESP encrypt: id=3, 
name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm ESP encrypt: id=12, 
name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm ESP auth attr: id=1, 
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm ESP auth attr: id=2, 
name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm ESP auth attr: id=9, 
name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
Nov  9 22:23:38 main ipsec__plutorun: 000
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE encrypt: id=5, 
name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE encrypt: id=7, 
name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE hash: id=1, 
name=OAKLEY_MD5, hashsize=16
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE hash: id=2, 
name=OAKLEY_SHA1, hashsize=20
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE dh group: id=2, 
name=OAKLEY_GROUP_MODP1024, bits=1024
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE dh group: id=5, 
name=OAKLEY_GROUP_MODP1536, bits=1536
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE dh group: id=14, 
name=OAKLEY_GROUP_MODP2048, bits=2048
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE dh group: id=15, 
name=OAKLEY_GROUP_MODP3072, bits=3072
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE dh group: id=16, 
name=OAKLEY_GROUP_MODP4096, bits=4096
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE dh group: id=17, 
name=OAKLEY_GROUP_MODP6144, bits=6144
Nov  9 22:23:38 main ipsec__plutorun: 000 algorithm IKE dh group: id=18, 
name=OAKLEY_GROUP_MODP8192, bits=8192
Nov  9 22:23:38 main ipsec__plutorun: 000
Nov  9 22:23:38 main ipsec__plutorun: 000 stats db_ops.c: {curr_cnt, 
total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
Nov  9 22:23:38 main ipsec__plutorun: 000
Nov  9 22:23:38 main ipsec__plutorun: 000 "inet-XP": 
%any:17/%any...my.external.ip[C=BR.....]:17/%any; unrouted; eroute owner: #0
Nov  9 22:23:38 main ipsec__plutorun: 000 "inet-XP":     srcip=unset; 
dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
Nov  9 22:23:38 main ipsec__plutorun: 000 "inet-XP":   CAs: 
'%any'...'C=BR....'
Nov  9 22:23:38 main ipsec__plutorun: 000 "inet-XP":   ike_life: 3600s; 
ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
Nov  9 22:23:38 main ipsec__plutorun: 000 "inet-XP":   policy: 
RSASIG+ENCRYPT+COMPRESS+TUNNEL; prio: 32,32; interface: ;
Nov  9 22:23:38 main ipsec__plutorun: 000 "inet-XP":   newest ISAKMP SA: #0; 
newest IPsec SA: #0;
Nov  9 22:23:38 main ipsec__plutorun: 000
Nov  9 22:23:38 main ipsec__plutorun: 000
Nov  9 22:23:38 main ipsec__plutorun: ...could not add conn "inet-XP"
Nov  9 22:23:38 main ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 
1: 30880 Aborted 
                /usr/local/libexec/ipsec/pluto --nofork --secretsfile 
/etc/ipsec.secrets --ipsecdir 
/etc/ipsec.d --debug-none --use-auto --uniqueids --nat_traversal --virtual_private 
%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24,%v4:!192.168.1.1/24
Nov  9 22:23:38 main ipsec__plutorun: whack: is Pluto running?  connect() 
for "/var/run/pluto/pluto.ctl" failed (111 Connection refused)
Nov  9 22:23:38 main ipsec__plutorun: !pluto failure!:  exited with error 
status 134 (signal 6)
Nov  9 22:23:38 main ipsec__plutorun: restarting IPsec after pause...
Nov  9 22:23:48 main ipsec_setup: Removing orphaned 
/var/run/pluto/pluto.pid:



