[Openswan Users] Regarding Aggressive mode!!!
Nirmala Balu
nirmala2005 at gmail.com
Thu Apr 6 14:13:05 CEST 2006
[root at lac root]# ipsec auto --show --up lns-lac
+ exec
+ ipsec whack --name lns-lac --initiate
003 "lns-lac" #1: ASSERTION FAILED at spdb_struct.c:1233: trans->attr_cnt == 4
000 "lns-lac" #1: interface ipsec0/eth0 201.123.80.64
000 "lns-lac" #1: %myid = (none)
000 "lns-lac" #1: debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000 "lns-lac" #1:
000 "lns-lac" #1: algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
000 "lns-lac" #1: algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
000 "lns-lac" #1: algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 "lns-lac" #1: algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 "lns-lac" #1:
000 "lns-lac" #1: algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 "lns-lac" #1: algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 "lns-lac" #1: algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 "lns-lac" #1: algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 "lns-lac" #1: algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 "lns-lac" #1: algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 "lns-lac" #1: algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 "lns-lac" #1: algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 "lns-lac" #1: algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 "lns-lac" #1: algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 "lns-lac" #1: algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 "lns-lac" #1:
000 "lns-lac" #1: stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,1,36} trans={0,1,72} attrs={0,1,48}
000 "lns-lac" #1:
000 "lns-lac" #1: "lns-lac": 192.168.80.0/24===201.123.80.64[C=IN, ST=karnataka, L=Bangalore, O=BEL, OU=CRL, CN=lac, E=lac at bel.crl.co.in]...201.123.80.136[C=IN, ST=karnataka, L=Bangalore, O=BEL, OU=CRL, CN=@lns, E=lns at bel.crl.co.in]===192.168.100.0/24; unrouted; eroute owner: #0
000 "lns-lac" #1: "lns-lac": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "lns-lac" #1: "lns-lac": CAs: 'C=IN, ST=karnataka, L=Bangalore, O=BEL, OU=CRL, CN=vpn, E=vpn at bel.crl.co.in'...'C=IN, ST=karnataka, L=Bangalore, O=BEL, OU=CRL, CN=vpn, E=vpn at bel.crl.co.in'
000 "lns-lac" #1: "lns-lac": ike_life: 3600s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "lns-lac" #1: "lns-lac": policy: RSASIG+ENCRYPT+TUNNEL+DONTREKEY+UP+AGGRESSIVE+failurePASS; prio: 24,24; interface: eth0;
000 "lns-lac" #1: "lns-lac": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "lns-lac" #1: "lns-lac": IKE algorithms wanted: 7_128-2-18, flags=-strict
000 "lns-lac" #1: "lns-lac": IKE algorithms found: 7_128-2_160-18,
000 "lns-lac" #1: "lns-lac": ESP algorithms wanted: 12_256-2, flags=-strict
000 "lns-lac" #1: "lns-lac": ESP algorithms loaded: 12_256-2, flags=-strict
000 "lns-lac" #1:
000 "lns-lac" #1: #1: "lns-lac":500 STATE_AGGR_I1 (sent AI1, expecting AR1); EVENT_SO_DISCARD in -4s; nodpd
000 "lns-lac" #1:
+ echo = 3
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
#
# NOTE(review): as reproduced here every parameter line sits in column 0.
# ipsec.conf(5) requires parameters to be indented beneath their
# "config setup" / "conn" header (a column-0 line starts a new section),
# so the indentation was presumably lost in mail transit -- confirm
# against the on-disk file.
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
# Global daemon settings, read when the IPsec subsystem is started.
config setup
# ipsec0 is the KLIPS virtual interface bound to the physical eth0.
interfaces="ipsec0=eth0"
# Full debugging for both the IKE daemon (pluto) and the kernel stack
# (KLIPS). Extremely verbose, and the "crypt" class included in "all"
# can write keying material to the log -- set back to none (or a narrow
# set such as "control parsing") once the problem is diagnosed.
plutodebug=all
klipsdebug=all
# A new negotiation presenting an ID that is already in use replaces the
# older SA for that ID instead of coexisting with it (see ipsec.conf(5)).
uniqueids=yes
#plutoload=%search
#plutostart=%search
# plutodebug / klipsdebug = "all", "none" or a combination from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
# plutodebug="control parsing"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
# nat_traversal=yes
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
# Add connections here
# sample VPN connection
#
# lns-lac: certificate (RSA signature) authenticated tunnel between the
# 192.168.100.0/24 (lns side) and 192.168.80.0/24 (lac side) subnets,
# negotiated in IKE aggressive mode.
conn lns-lac
# Gateway addresses; Openswan works out locally which end is "us".
left=201.123.80.136
# Single IKE proposal: AES-128, SHA-1, DH group 18 (MODP-8192). The
# pluto output in this message ("IKE algorithms wanted: 7_128-2-18")
# shows it parses as intended; the assertion "trans->attr_cnt == 4" in
# spdb_struct.c is raised right after initiation with aggrmode=yes, so
# presumably the aggressive-mode proposal builder expects a different
# attribute count for this transform -- confirm against the installed
# openswan version.
ike=aes128-sha-modp8192
# ESP proposal: AES-256 with HMAC-SHA1.
esp=aes256-sha1
#left=10.0.0.2
leftsubnet=192.168.100.0/24
# FQDN-style IDs (@name). With leftrsasigkey=%cert the peer validates the
# ID against the presented certificate; the DNs printed in the pluto
# output have CN=@lns and CN=lac, so verify that each ID is actually
# carried by its certificate (subjectAltName or DN), or use the full DN
# as the ID.
leftid=@lns
leftrsasigkey=%cert
leftcert=lns.pem
# leftrsasigkey=0sAQNQYhB/r+t10EderXvxqCPp0FkwVioHezF02vdIfBXFfrnyAQlkSZGbQvXfZz1eZDPaceCyCQoEqS2etvEeA56lulLPYjjoU4ne+t4rm2n7+QUkw9NMViPIlS8kfuAvL5UQ0HWDXL0vANVwmYDRipK92M+Yl29yte2E7XsW3MWURQ==
leftnexthop=201.123.80.64
#leftnexthop=10.0.0.1
right=201.123.80.64
#right=10.0.0.1
#rightsubnet=10.69.0.0/24
rightsubnet=192.168.80.0/24
rightid=@lac
rightrsasigkey=%cert
rightcert=lac.pem
# rightrsasigkey=0sAQPjkf+shqc1FvxUdVShlTsuKJIdZDkOFdZmF+eYvPziUzWIoWBQmldFMJ7YXcvsx/gWnGGgIn7HXJAnVzTR8HcIyaUtsRG44OvTP8pVBFQzwSKZaA5HuXMxJlSSyzXbz2n1AX1IFR1k0L+9Breem0CjQuTZsqEVfTsonnqZ1jXZIw==
rightnexthop=201.123.80.136
#rightnexthop=10.0.0.2
# Authenticate with RSA signatures over the certificates named above.
authby=rsasig
auth=esp
compress=no
# rekey=no: the SAs are not renegotiated before they expire (the logged
# policy shows DONTREKEY), so the tunnel simply drops at ikelifetime /
# keylife unless the peer re-initiates.
rekey=no
# Aggressive mode: the identity payloads are sent unencrypted in the
# first exchange and the DH group cannot be negotiated. Keep it only if
# the peer genuinely requires it.
aggrmode=yes
ikelifetime=1h
keylife=1d
# If negotiation fails, traffic between the two subnets is forwarded in
# the clear (the logged policy shows failurePASS). Use "drop" unless a
# plaintext fallback is deliberately accepted.
failureshunt=passthrough
# No fresh DH exchange for the IPsec SA: its keys derive from the IKE SA
# secret, so a compromise of that one secret also exposes the ESP keys.
pfs=no
# Not loaded at startup; must be added ("ipsec auto --add lns-lac") and
# brought up by hand.
auto=ignore
# lns-lac-manual: the same subnet pair with manually keyed ESP (no IKE).
# Manual keying uses a fixed SPI and static keys that are never rotated,
# and anyone holding this file can decrypt the traffic. The keys below
# have been posted to a public list, so regenerate them before any real
# use, and prefer the IKE-negotiated conn for anything beyond testing.
conn lns-lac-manual
#left=10.0.0.2
left=201.123.80.136
leftsubnet=192.168.100.0/24
leftnexthop=201.123.80.64
right=201.123.80.64
rightnexthop=201.123.80.136
#leftnexthop=10.0.0.1
#right=10.0.0.1
rightsubnet=192.168.80.0/24
#rightnexthop=10.0.0.2
# Fixed ESP SPI for this SA.
spi=0x500
# 3DES-CBC with HMAC-MD5-96; both are legacy algorithms and should only
# be used on a test path such as this one.
esp=3des-md5-96
# 192-bit 3DES key and 128-bit MD5 key, sized to match the esp= line.
espenckey=0xd56486a7_ff483c4a_6928d78c_2ba7c6bd_43c746c0_38e44fdb
espauthkey=0x0eeaa850_55351982_5ae5fd3e_d9ca609f
# right=201.123.80.64
# left=201.123.80.136
# # Left security gateway, subnet behind it, nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it,
# # at startup, uncomment this.
# auto=add
#Disable Opportunistic Encryption
# Pulls in the stock no_oe.conf shipped with openswan, which switches off
# the opportunistic-encryption connections so pluto does not attempt OE
# for traffic outside the explicit conns above.
include /etc/ipsec.d/examples/no_oe.conf