[Openswan Users] Are these commands the same (in effect)?
Joost Kraaijeveld
J.Kraaijeveld at Askesis.nl
Tue Apr 25 12:32:50 CEST 2006
users-bounces at openswan.org wrote:
> Greetings all,
>
> I have been working more on my vpn issue and I am able to
> establish connection now (atleast from the colour and info
> from lsipsectool). However, I cannot ping nor pass any kind
> of traffic on the tunnel.
>
> I did ipsec eroute and nothing show up.
>
> On the lsipsectool configuration page, I had to have the
> Private Address/Network Mask as the same Remote Internal IP
> otherwise, I could not establish connection. I wonder why?? I
> thought that should be the internal network address.
>
> The following are the only messages coming into /var/log/messages:
>
> Apr 25 03:01:13 aparo kernel: klips_debug:@ flags = 6 @key=0pcf81e620 key = 00000000->00000000 @mask=0p00000000
> Apr 25 03:01:13 aparo kernel: klips_debug:@ flags = 6 @key=0pcf81e634 key = ffffffff->ffffffff @mask=0p00000000
> Apr 25 03:01:13 aparo kernel: klips_debug: off = 0
> Apr 25 03:01:13 aparo kernel: klips_debug:ipsec_eroute_get_info: buffer=0pccf14000, *start=0p00000000, offset=0, length=1024
> Apr 25 03:01:13 aparo kernel: klips_debug:rj_walktree: for: rn=0pcf94b388 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
> Apr 25 03:01:13 aparo kernel: klips_debug:rj_walktree: processing leaves, rn=0pcf94b3b8 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
> Apr 25 03:01:13 aparo kernel: klips_debug:rj_walktree: while: base=0p00000000 rn=0pcf94b388 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
>
>
> And this from the /var/log/auth.log:
>
> Apr 25 03:01:13 aparo pluto[4416]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
> Apr 25 03:01:13 aparo pluto[4416]: | pending review: connection "syseng" was not up, skipped
> Apr 25 03:01:13 aparo pluto[4416]: | next event EVENT_SHUNT_SCAN in 0 seconds
> Apr 25 03:01:13 aparo pluto[4416]: |
> Apr 25 03:01:13 aparo pluto[4416]: | *time to handle event
> Apr 25 03:01:13 aparo pluto[4416]: | handling event EVENT_SHUNT_SCAN
> Apr 25 03:01:13 aparo pluto[4416]: | event after this is EVENT_PENDING_PHASE2 in 120 seconds
> Apr 25 03:01:13 aparo pluto[4416]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
> Apr 25 03:01:13 aparo pluto[4416]: | scanning for shunt eroutes
> Apr 25 03:01:13 aparo pluto[4416]: | next event EVENT_SHUNT_SCAN in 120 seconds
>
> lsipsectool icon is green: IPSec Tunnel Active [OK]
>
>
> my ipsec.conf:
>
> # Specify the version of Openswan we are running
>
> version 2
>
> # Global configuration section:
> config setup
> nat_traversal=yes
> klipsdebug="all"
> plutodebug="all"
> interfaces="ipsec0=eth1"
>
> # General connection section:
> conn %default
> authby=secret
> #authby=secret|rsasig
>
> # Systems Engineering vpn connection definition:
> conn syseng
> left=10.10.1.57
> leftsubnet=10.10.0.0/16
> leftnexthop=193.95.xxx.xxx
> leftsourceip=10.10.1.57
> type=tunnel
> right=%any
> rightid=@gbenga
> rekey=no
> auto=add
>
> conn block
> auto=ignore
>
> conn private
> auto=ignore
>
> conn private-or-clear
> auto=ignore
>
> conn clear
> auto=ignore
>
> conn packetdefault
> auto=ignore
>
> include /etc/ipsec.d/examples/no_oe.conf
> #
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.10.0.0/16
>
> Network diagram:
>
> 10.10.0.0/16 <----------> Public GW [natting] <----------->
Hi,
If I have a tunnel with the name my_connection, is "/etc/init.d/ipsec restart" in effect the same as "ipsec auto --replace my_connection" (besides the fact that the first command will restart *every* tunnel)?
My goal is to restart one of many connections without interrupting the other connections, but after using "ipsec auto --replace my_connection" there are no entries in the logfiles showing that the tunnel is actually rebuilt, and setkey -D (I use 26sec) does not show any tunnel for my_connection anymore...
Regards,
Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld at Askesis.nl
web: www.askesis.nl