[Fwd: RE: [Openswan Users]]
Greg
gregory.domagala at aliceadsl.fr
Wed Aug 9 13:44:56 EDT 2006
Thanks,
I'm on Fedora Core 4
My version of openswan : Linux Openswan U2.4.4/K2.6.14-1.1656_FC4smp
(netkey)
GD
> -----Original Message-----
> From: Andy Gay [mailto:andy at andynet.net]
> Sent: Wednesday, 9 August 2006 18:24
> To: Greg
> Cc: users at openswan.org
> Subject: RE: [Fwd: RE: [Openswan Users]]
>
> On Wed, 2006-08-09 at 18:10 +0200, Greg wrote:
> > Thanks Andy
> >
> > Problem with my MTA too :(
> >
> > >Did your mail client do this, or does this line really not have any
> > > whitespace at the start? Lines within a section must be indented.
> > Yes, it's the mail client
> >
> > > Do your logs say the conn was loaded OK?
> > No problem, the conn was loaded
> >
> > > Does 'ipsec auto --replace roadwarrior-l2tp' work OK?
> > No problem
> >
> > conn roadwarrior-l2tp
> > left=192.168.0.4
> > leftcert=cert.pem
> > leftprotoport=17/1701
> > right=%any
> > rightprotoport=17/1701
> > rightsubnet=vhost:%no,%priv
> > pfs=no
> > auto=add
> >
> > >Can you show us the output from 'ipsec auto --status'?
> > 000 interface lo/lo ::1
> > 000 interface lo/lo 127.0.0.1
> > 000 interface lo/lo 127.0.0.1
> > 000 interface eth0/eth0 192.168.0.4
> > 000 interface eth0/eth0 192.168.0.4
> > 000 %myid = (none)
> > 000 debug none
> > 000
> > 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
> > keysizemax=64
> > 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
> > keysizemax=192
> > 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
> > keysizemin=40, keysizemax=448
> > 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
> > keysizemax=0
> > 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
> > keysizemax=256
> > 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
> > keysizemin=128, keysizemax=256
> > 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
> > keysizemin=128, keysizemax=256
> > 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
> > keysizemin=128, keysizemax=128
> > 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
> > keysizemin=160, keysizemax=160
> > 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
> > keysizemin=256, keysizemax=256
> > 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0,
> > keysizemax=0
> > 000
> > 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
> > keydeflen=192
> > 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
> > keydeflen=128
> > 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
> > 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
> > 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
> > 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
> > 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
> > 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
> > 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
> > 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
> > 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
> > 000
> > 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
> > trans={0,0,0} attrs={0,0,0}
> > 000
> > 000 "roadwarrior-l2tp": 192.168.0.4[C=FR, ST=FRANCE, L=MERICOURT, O=WEF,
> > OU=INFO, CN=TEST, E=root at test.com]:17/1701...%virtual:17/1701===?; unrouted;
> > eroute owner: #0
>
> Weird. It has right=?, not %any.
> I'm sure that's your problem, but I've no idea what would cause that.
> Anyone else seen this?
>
> What version of Openswan is this? (ipsec --version will tell you).
>
> > 000 "roadwarrior-l2tp": srcip=unset; dstip=unset; srcup=ipsec _updown;
> > dstup=ipsec _updown;
> > 000 "roadwarrior-l2tp": CAs: 'C=FR, ST=FRANCE, L=MERICOURT, O=WEF,
> > OU=INFO, CN=TEST, E=root at test.fr'...'%any'
> > 000 "roadwarrior-l2tp": ike_life: 3600s; ipsec_life: 28800s; rekey_margin:
> > 540s; rekey_fuzz: 100%; keyingtries: 1
> > 000 "roadwarrior-l2tp": policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL; prio:
> > 32,32; interface: eth0;
> > 000 "roadwarrior-l2tp": newest ISAKMP SA: #0; newest IPsec SA: #0;
> > 000
> > 000
> >
> >
> >
> > > -----Original Message-----
> > > From: Andy Gay [mailto:andy at andynet.net]
> > > Sent: Wednesday, 9 August 2006 17:47
> > > To: users at openswan.org
> > > Cc: Greg
> > > Subject: [Fwd: RE: [Openswan Users]]
> > >
> > > Can someone please forward this to Greg. He seems to be ignoring
> > > messages from me.
> > >
> > > -------- Forwarded Message --------
> > > From: Andy Gay <andy at andynet.net>
> > > To: Greg <gregory.domagala at aliceadsl.fr>
> > > Cc: users at openswan.org
> > > Subject: RE: [Openswan Users]
> > > Date: Tue, 08 Aug 2006 19:44:24 -0400
> > >
> > > On Tue, 2006-08-08 at 23:40 +0200, Greg wrote:
> > >
> > > > config setup
> > > > interfaces=%defaultroute
> > > > nat_traversal=yes
> > > >
> > > >
> > > > virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24,%v4:81.127.61.93/32
> > >
> > > Did your mail client do this, or does this line really not have any
> > > whitespace at the start? Lines within a section must be indented.
> > >
> > > > Aug 8 23:17:01 darko pluto[4751]: packet from 90.95.19.131:500: initial
> > > > Main Mode message received on 192.168.0.4:500 but no connection has been
> > > > authorized
> > >
> > > This sounds like the conn didn't load correctly, maybe due to the
> > > whitespace issue above.
> > >
> > > Do your logs say the conn was loaded OK?
> > > Does 'ipsec auto --replace roadwarrior-l2tp' work OK?
> > >
> > > Can you show us the output from 'ipsec auto --status'?
> > >
> > >
> > >
> >
> >
> >
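
The indentation rule raised in this thread ("Lines within a section must be indented"), as an added example that is not part of the original messages or Openswan's own code: a small Python check that flags parameter lines starting in column 1 of an ipsec.conf. The sample configuration is constructed from settings quoted in the thread; `lint_ipsec_conf`, the keyword sets and the finding messages are hypothetical names, and the check assumes section headers begin with `config` or `conn`.

```python
import re

# Assumption: these are the only keywords allowed to start in column 1.
SECTION_KEYWORDS = {"config", "conn"}       # open a new section
TOPLEVEL_KEYWORDS = {"version", "include"}  # stand-alone top-level lines
PARAM_RE = re.compile(r"^[A-Za-z_][\w-]*\s*=")  # looks like name=value

# Constructed sample: the virtual_private line has lost its indentation.
SAMPLE = """\
version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12

conn roadwarrior-l2tp
    left=192.168.0.4
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    pfs=no
    auto=add
"""

def lint_ipsec_conf(text):
    """Return (line_number, current_section, message) for each suspect line."""
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are not checked here
        indented = raw[0] in " \t"
        words = stripped.split()
        if indented:
            if section is None:
                findings.append((lineno, None, "indented line outside any section"))
        elif words[0] in SECTION_KEYWORDS:
            section = " ".join(words[:2])  # e.g. "conn roadwarrior-l2tp"
        elif words[0] in TOPLEVEL_KEYWORDS:
            section = None
        elif PARAM_RE.match(stripped):
            findings.append((lineno, section, "parameter not indented"))
        else:
            findings.append((lineno, section, "unrecognised line in column 1"))
    return findings

if __name__ == "__main__":
    for lineno, section, message in lint_ipsec_conf(SAMPLE):
        print(f"line {lineno} ({section}): {message}")
```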