[Openswan Users] stuck at Negotiating IP Security.
paul at xelerance.com
Fri Sep 16 17:21:53 CEST 2005
On Fri, 16 Sep 2005, darkrealm wrote:
> Subject: Re: [Openswan Users] stuck at Negotiating IP Security.
> ok, i have attached the output of ipsec barf in an attachment file. it
> was a bit much to post it all in an email ;-)
>From the barf:
> NETKEY (2.6.5-1.358) support detected
> broken (redhat/fedora) 2.6 kernel without kallsyms
That is a very old kernel. NETKEY might have issues here.
> Sep 16 01:01:46 darkrealm ipsec_setup: Starting Openswan IPsec 2.4.1dr1...
please upgrade openswan to 2.4.0
> Sep 16 01:01:48 darkrealm ipsec__plutorun: ipsec_auto: fatal error in
> "roadwarrior-l2tp": (/etc/ipsec.conf, line 42) duplicated parameter "pfs"
> Sep 16 01:01:48 darkrealm ipsec__plutorun: ...could not add conn
You are specifying pfs= twice, once through an "also" statement. You cannot
> p 16 01:01:48 darkrealm ipsec__plutorun: ipsec_auto: fatal error in
> "roadwarrior": %defaultroute requested but not known
You are using a "%defaultroute" setting for left=, while not using
interfaces="%defaultroute". Change the interfaces line.
> Sep 16 01:01:46 darkrealm pluto: 1 bad entries in virtual_private -
> none loaded
Your linre is wrong. you have:
Two or more interfaces found, checking IP forwarding [FAILED]
if dooing roadwarriors-net you need ip forwarding
that conn is not different from just roadwarrior, so it is wrong.
More information about the Users