[Openswan Users] "ipsec verify"

marcos at dytz.com.br marcos at dytz.com.br
Thu Sep 29 14:07:17 CEST 2005 

Hello,

So I installed Perl and the required modules (that was a pain in the ass for
Familiar), added the PATH variable to have it working as said in the last
message, managed to run "ipsec verify" and I've got the following output:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                  	[OK]
Linux Openswan U2.2.0/K2.00pre1 (klips)
Checking for IPsec support in kernel                             	[OK]
Checking for RSA private key (/etc/ipsec/ipsec.secrets)          	[FAILED]
hostname: invalid option -- -
BusyBox v1.00 (2005.04.07-12:08+0000) multi-call binary

Usage: hostname [OPTION] {hostname | -F FILE}

awk: xregcomp: Unmatched \{
Checking that pluto is running                                   	[OK]
Checking for 'ip' command                                        	[OK]
Checking for 'iptables' command                                  	[OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: h3600                    	[MISSING]
Cannot execute command "host -t txt h3600": No such file or directory
   Does the machine have at least one non-private address?       	[FAILED]


So I went to the "verify" script and found that the error was in "showhostkey"
in the following line

host="`hostname --fqdn`"

So I rewrote it as

host="`hostname`"

since Busybox seems to not offer the --long/--fqdn option, is that correct?

But I still couldn't find a way to patch the "awk: xregcomp: Unmatched \{", I
tried installing AWK, but ipkg tool complained that it is already installed (it
seems that it comes with Busybox) so anyone would have any idea on what to do to
"patch" this error? And get a proper result for the RSA key.

By the way, the ipsec.secrets was changed and some comments were added to it,
that means that the key file is valid or it has no meaning at all?

As for the OE, there is no host() so I am discarding the MISSING result, but the
last FAILED (the non-private address one) is a error in the configuration or
should I not consider it?

Thanks,

Marcos

Citando Paul Wouters <paul at xelerance.com>:

> On Thu, 29 Sep 2005, marcos at dytz.com.br wrote:
>
> > I am in the final steps of setting OpenSwan on a Familiar 0.8.2 and I
> wanted to
> > verify the configuration that I've made through "ipsec verify", but I am
> > receiving the following message "exec: 136: /usr/libexec/ipsec/verify: not
> > found" whenever I try that although the file is there.
> >
> > Anyone has any idea on why I am receiving a file not found even though it
> does
> > exist and is pointing to the right directory. I've tried executing the
> script
> > by itself, but that didn't worked as well.
>
> it's a perl script. you probably do not have perl installed.
>
> > The iPaq is the H3660 and the Openswan running on it is "Linux Openswan
> > U2.2.0/k2.00pre1 (klips)"
>
>




___________________________________________
Yawl Internet       http://www.yawl.com.br/

Acesso Discado / ADSL / 24Hs
Hospedagem ASP, PHP, JSP, ColdFusion, MySQL

More information about the Users mailing list