[Openswan Users] stuck at Negotiating IP Security.
Paul Wouters
paul at xelerance.com
Fri Sep 16 17:21:53 CEST 2005
On Fri, 16 Sep 2005, darkrealm wrote:
> Subject: Re: [Openswan Users] stuck at Negotiating IP Security.
>
> ok, i have attached the output of ipsec barf in an attachment file. it
> was a bit much to post it all in an email ;-)
From the barf:
> NETKEY (2.6.5-1.358) support detected
> broken (redhat/fedora) 2.6 kernel without kallsyms
That is a very old kernel. NETKEY might have issues here.
> Sep 16 01:01:46 darkrealm ipsec_setup: Starting Openswan IPsec 2.4.1dr1...
Please upgrade openswan to 2.4.0.
> Sep 16 01:01:48 darkrealm ipsec__plutorun: ipsec_auto: fatal error in
> "roadwarrior-l2tp": (/etc/ipsec.conf, line 42) duplicated parameter "pfs"
> Sep 16 01:01:48 darkrealm ipsec__plutorun: ...could not add conn
> "roadwarrior-l2tp"
You are specifying pfs= twice, once through an "also" statement. You cannot
do that.
> Sep 16 01:01:48 darkrealm ipsec__plutorun: ipsec_auto: fatal error in
> "roadwarrior": %defaultroute requested but not known
You are using a "%defaultroute" setting for left=, while not using
interfaces="%defaultroute". Change the interfaces line.
> Sep 16 01:01:46 darkrealm pluto[6467]: 1 bad entries in virtual_private -
> none loaded
Your line is wrong. You have:
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,
%v4:192.168.2.0/16,%v4:192.168.2.100
should be
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.2.0/16
Two or more interfaces found, checking IP forwarding [FAILED]
If doing roadwarriors-net you need IP forwarding,
and of course
conn roadwarrior-net
    also=roadwarrior
That conn is not different from just roadwarrior, so it is wrong.
Paul
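
An added example, not part of the original mail and not Openswan code: a small Python check for two of the mistakes discussed above, a parameter set both in a conn and in a section it pulls in with also=, and virtual_private entries that are not a network with a prefix length. The parser is a simplified sketch, the conn contents are constructed, and treating the entry without a /prefix as the bad one is an assumption.

```python
import ipaddress

# Constructed sample; only the virtual_private value is the one quoted in the mail.
SAMPLE_CONF = """\
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:192.168.2.0/16,%v4:192.168.2.100
conn roadwarrior
    pfs=no
conn roadwarrior-l2tp
    pfs=no
    also=roadwarrior
"""

def parse(text):  # returns {(kind, name): [(key, value), ...]} per section
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if line and not line[0].isspace():     # header: "conn NAME", "config setup"
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), [])
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current.append((key.strip(), value.strip()))
    return sections

def effective_keys(sections, name, seen=()):  # keys of a conn after also= is expanded
    keys = []
    for key, value in sections.get(("conn", name), []):
        if key != "also":
            keys.append(key)
        elif value not in seen:                # guard against also= loops
            keys += effective_keys(sections, value, seen + (name,))
    return keys

def duplicated_params(sections, name):
    """Parameters a conn would receive more than once, directly or via also=."""
    keys = effective_keys(sections, name)
    return sorted({k for k in keys if keys.count(k) > 1})

def entry_ok(entry):  # assumed rule: %v4: or %v6:, then [!]address/prefix
    family, _, net = entry.partition(":")
    try:
        ipaddress.ip_network(net.lstrip("!"), strict=False)
    except ValueError:
        return False
    return family in ("%v4", "%v6") and "/" in net

def bad_virtual_private(sections):
    """virtual_private entries from config setup that fail entry_ok()."""
    value = dict(sections.get(("config", "setup"), [])).get("virtual_private", "")
    return [e for e in map(str.strip, value.split(",")) if e and not entry_ok(e)]
```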