[Openswan Users] "ipsec verify"

marcos at dytz.com.br marcos at dytz.com.br
Fri Sep 30 14:51:04 CEST 2005


Hello Paul,

I've tried installing gawk, but it complained that awk is already provided by
Busybox, would there be any other way to tweak the awk part of showhostkey to
figure out why it is giving a "awk: xregcomp: Unmatched \{" message or how
could I manually verify if the RSA private key complies to what is expected by
Openswan?

Thanks,

Marcos

----- Mensagem encaminhada de "marcos at dytz.com.br" <marcos at dytz.com.br> -----
   Data: Thu, 29 Sep 2005 13:07:17 +0200
     De: "marcos at dytz.com.br" <marcos at dytz.com.br>
Reponder para: "marcos at dytz.com.br" <marcos at dytz.com.br>
 Assunto: Re: [Openswan Users] "ipsec verify"
   Para: "users at openswan.org" <users at openswan.org>

Hello,

So I installed Perl and the required modules (that was a pain in the ass for
Familiar), added the PATH variable to have it working as said in the last
message, managed to run "ipsec verify" and I've got the following output:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                         [OK]
Linux Openswan U2.2.0/K2.00pre1 (klips)
Checking for IPsec support in kernel                                    [OK]
Checking for RSA private key (/etc/ipsec/ipsec.secrets)                 [FAILED]
hostname: invalid option -- -
BusyBox v1.00 (2005.04.07-12:08+0000) multi-call binary

Usage: hostname [OPTION] {hostname | -F FILE}

awk: xregcomp: Unmatched \{
Checking that pluto is running                                          [OK]
Checking for 'ip' command                                               [OK]
Checking for 'iptables' command                                         [OK]

Opportunistic Encryption DNS checks:
  Looking for TXT in forward dns zone: h3600                           [MISSING]
Cannot execute command "host -t txt h3600": No such file or directory
  Does the machine have at least one non-private address?              [FAILED]


So I went to the "verify" script and found that the error was in "showhostkey"
in the following line

host="`hostname --fqdn`"

So I rewrote it as

host="`hostname`"

since Busybox seems to not offer the --long/--fqdn option, is that correct?

But I still couldn't find a way to patch the "awk: xregcomp: Unmatched \{", I
tried installing AWK, but ipkg tool complained that it is already installed (it
seems that it comes with Busybox) so anyone would have any idea on what to do to
"patch" this error? And get a proper result for the RSA key.

By the way, the ipsec.secrets was changed and some comments were added to it,
that means that the key file is valid or it has no meaning at all?

As for the OE, there is no host() so I am discarding the MISSING result, but the
last FAILED (the non-private address one) is a error in the configuration or
should I not consider it?

Thanks,

Marcos

Citando Paul Wouters <paul at xelerance.com>:

> On Thu, 29 Sep 2005, marcos at dytz.com.br wrote:
>
> > I am in the final steps of setting OpenSwan on a Familiar 0.8.2 and I
> wanted to
> > verify the configuration that I've made through "ipsec verify", but I am
> > receiving the following message "exec: 136: /usr/libexec/ipsec/verify: not
> > found" whenever I try that although the file is there.
> >
> > Anyone has any idea on why I am receiving a file not found even though it
> does
> > exist and is pointing to the right directory. I've tried executing the
> script
> > by itself, but that didn't worked as well.
>
> it's a perl script. you probably do not have perl installed.
>
> > The iPaq is the H3660 and the Openswan running on it is "Linux Openswan
> > U2.2.0/k2.00pre1 (klips)"
>
>




___________________________________________
Yawl Internet       http://www.yawl.com.br/

Acesso Discado / ADSL / 24Hs
Hospedagem ASP, PHP, JSP, ColdFusion, MySQL

_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users

----- Finalizar mensagem encaminhada -----




___________________________________________
Yawl Internet       http://www.yawl.com.br/

Acesso Discado / ADSL / 24Hs
Hospedagem ASP, PHP, JSP, ColdFusion, MySQL



___________________________________________
Yawl Internet       http://www.yawl.com.br/

Acesso Discado / ADSL / 24Hs
Hospedagem ASP, PHP, JSP, ColdFusion, MySQL



More information about the Users mailing list