[Openswan Users] Using 1DES :(

Rajkumar S rajkumars at asianetindia.com
Thu Sep 1 22:10:05 CEST 2005 

Hi,

Any help any one, at least some places to look? I have tried almost 
every thing that I can think of.

raj

Rajkumar S wrote:
> Hi all,
> 
> I downloaded openswan-2.3.1 and set USE_WEAKSTUFF?=true in Makefile.inc
> and compiled it against linux-2.4.21 I also applied the NAT-T patch
> before compiling. I am on a debian sarge box.
> 
> Compiling went well, and after starting ipsec using /etc/init.d/ipsec
> start I started my tunnel using  ipsec auto --up sample
> 
> After I start the tunnel, I get a message about tunnel init and then
> after about a minute a message like:
> 
> IPSEC EVENT: KLIPS device ipsec0 shut down.
> 
> Next I went through the deamon.log to look at the pluto logs and there i
> saw a sig 11 for pluto and it gets killed. Pluto gets restarted after that.
> 
> Aug 31 18:13:08 localhost ipsec_setup: KLIPS debug `none'
> Aug 31 18:13:08 localhost ipsec_setup: KLIPS ipsec0 on eth0
> 202.88.102.83/255.255.255.248 broadcast 202.88.102.255
> Aug 31 18:13:08 localhost ipsec_setup: ...Openswan IPsec started
> Aug 31 18:13:08 localhost ipsec_setup: Starting Openswan IPsec 2.3.1...
> 
> Aug 31 18:13:12 localhost ipsec__plutorun:
> /usr/local/lib/ipsec/_plutorun: line 1: 12691 Segmentation fault
> /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets
> --ipsecdir /etc/ipsec.d --debug-all --uniqueids
> 
> Aug 31 18:13:12 localhost ipsec__plutorun: !pluto failure!:  exited with
> error status 139 (signal 11)
> 
> Aug 31 18:13:12 localhost ipsec__plutorun: restarting IPsec after pause...
> Aug 31 18:13:22 localhost ipsec_setup: ...Openswan IPsec stopped
> Aug 31 18:13:22 localhost ipsec_setup: Stopping Openswan IPsec...
> Aug 31 18:13:22 localhost ipsec_setup: Removing orphaned
> /var/run/pluto/pluto.pid:
> Aug 31 18:13:22 localhost ipsec_setup: KLIPS debug `none'
> Aug 31 18:13:22 localhost ipsec_setup: KLIPS ipsec0 on eth0
> 202.88.102.83/255.255.255.248 broadcast 202.88.102.255
> Aug 31 18:13:22 localhost ipsec_setup: ...Openswan IPsec started
> Aug 31 18:13:22 localhost ipsec_setup: Restarting Openswan IPsec 2.3.1...
> Aug 31 18:13:30 localhost ipsec_setup: ...Openswan IPsec stopped
> Aug 31 18:13:30 localhost ipsec_setup: Stopping Openswan IPsec...
> 
> I also did not see 1DES algo when I looked through ipsec auto --status.
> 
> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, 
> keysizemin=168, keysizemax=168
> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, 
> keysizemin=128, keysizemax=256
> 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, 
> keysizemin=128, keysizemax=128
> 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, 
> keysizemin=160, keysizemax=160
> 
> My config file is as follows:
> 
> version 2
> config setup
>         interfaces=%defaultroute
>         klipsdebug=none
>         plutodebug=all
>         #uniqueids=yes
> 
> conn %default
>         #keyingtries=0
>         #disablearrivalcheck=no
>         authby=secret
>         #leftrsasigkey=%dnsondemand
>         #rightrsasigkey=%dnsondemand
> 
> conn sample
>         left=202.88.102.83
>         leftsubnet=192.168.3.0/25
>         leftnexthop=202.88.102.86
>         right=202.88.101.13
>         rightsubnet=13.1.1.0/24
>         rightnexthop=202.88.101.1
>         auto=add
>         pfs=no
>         keyexchange=ike
>         esp=des-md5-56
> 
> Again I am stuck here, with no idea what I am doing wrong. Any help will 
> be much much appreciated.
> 
> raj

More information about the Users mailing list