[Openswan Users] stinghorn patched openswan 2.3.0 IPSEC

Agent Smith news8080 at yahoo.com
Wed Sep 21 16:51:30 CEST 2005


here we go, 

(I've tried it with 3 different klips code including
2.3.0 patch from openswan website and it still has
same error message when I restart ipsec)

# uname -a
Linux l2tpgw 2.4.31OSW2431 #2 SMP Wed Sep 14 19:04:58
EDT 2005 i686 i686 i386 GNU/Linux

# ipsec version
Linux Openswan U2.3.0/K2.4.1dr1 (klips)
See `ipsec --copyright' for copyright information.


[root at l2tpgw openswan-2.3.0.patched-with-stinghorn]#
cat ipsec.conf /tmp/a
version 2.0     # conforms to second version of
ipsec.conf specification

config setup
        klipsdebug=none
        plutodebug=none
        nat_traversal=yes
       
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
        interfaces=%defaultroute

conn %default
        keyingtries=1
        auto=add
        disablearrivalcheck=no
        pfs=no
        ike=3des-md5,aes128-md5,aes128-sha
        esp=3des-md5,aes128-md5,aes128-sha1
        leftrsasigkey=%dnsondemand
        leftnexthop=%defaultroute
        rightrsasigkey=%dnsondemand

conn L2TP-CERT-WIN2kXP
        type=tunnel
        authby=rsasig
        left=10.9.3.32
        leftrsasigkey=%cert
        leftcert=host.example.com.pem
        leftprotoport=17/1701
        right=%any
        rightsubnet=vhost:%all
        rightprotoport=17/1701
        rightrsasigkey=%cert

conn L2TP-CERT-MACOSX-PT
        type=tunnel
        authby=rsasig
        left=10.9.3.32
        leftrsasigkey=%cert
        leftcert=host.example.com.pem
        leftprotoport=17/1701
        right=%any
        rightsubnet=vhost:%all
        rightprotoport=17/%any
        rightrsasigkey=%cert

include /etc/ipsec.d/examples/no_oe.conf
Sep 21 23:46:33 l2tpgw ipsec_setup: KLIPS ipsec0 on
eth1 10.9.3.32/255.255.255.0 broadcast 10.9.3.255
Sep 21 23:46:33 l2tpgw ipsec_setup: ...Openswan IPsec
started
Sep 21 23:46:33 l2tpgw ipsec_setup: Starting Openswan
IPsec U2.3.0/K2.4.1dr1...
Sep 21 23:46:33 l2tpgw ipsec__plutorun:
/usr/local/libexec/ipsec/pluto: unrecognized option
`--virtual_private'
Sep 21 23:46:33 l2tpgw ipsec__plutorun: Usage: pluto
[--help] [--version] [--optionsfrom <filename>] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--nofork] [--stderrlog] [--noklips] [--nocrsend]
[--strictcrlpolicy] [--crlcheckinterval] [--ocspuri]
[--uniqueids] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--interface <ifname>] [--ikeport <port-number>] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--ctlbase <path>] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--perpeerlogbase <path>] [--perpeerlog] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--secretsfile <secrets-file>] [--ipsecdir
<ipsec-dir>] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:       [--adns
<pathname>][--nhelpers <number>] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--debug-none] [--debug-all] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--debug-raw] [--debug-crypt] [--debug-parsing]
[--debug-emitting] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--debug-control] [--debug-klips] [--debug-dns]
[--debug-dpd] [ --debug-private] [ --debug-pfkey] [
--debug-nat_t] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--nat_traversal] [--keep_alive <delay_sec>] \
Sep 21 23:46:33 l2tpgw ipsec__plutorun:      
[--force_keepalive] [--disable_port_floating]
Sep 21 23:46:33 l2tpgw ipsec__plutorun: Openswan 2.3.0
Sep 21 23:46:34 l2tpgw ipsec__plutorun: pluto
unexpectedly said `exit'
Sep 21 23:46:34 l2tpgw ipsec__plutorun: pluto
unexpectedly said `1'
Sep 21 23:46:34 l2tpgw ipsec__plutorun: pluto died
unexpectedly!?!
Sep 21 23:46:34 l2tpgw ipsec__plutorun: internal
failure in pluto scripts, impossible to carry on


--- Paul Wouters <paul at xelerance.com> wrote:

> On Wed, 21 Sep 2005, Agent Smith wrote:
> 
> > I've been messing with it to no avail, it doen't
> like
> > the virtual_private word in ipsec.conf for some
> reason
> > and I don't see any way around it.
> 
> That is a simple error then. show us your
> virtual_private line.
> 
> Paul
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the Users mailing list