[Fwd: RE: [Openswan Users]]

Andy Gay andy at andynet.net
Wed Aug 9 08:49:44 EDT 2006


On Wed, 2006-08-09 at 18:44 +0200, Greg wrote:
> Thanks,
> 	
> 	I'm on Fedora Core 4
> 	My version of openswan : Linux Openswan U2.4.4/K2.6.14-1.1656_FC4smp
> (netkey)

Should be recent enough.

As I said, I've no idea what could cause the right= setting to get
messed up like that. Maybe some invisible bad character in your config
file? You could run 'cat ipsec.conf | od -c' to check. Mail that to me
if you want, I'll look at it.

Something else to try - if you know your roadwarrior address right now,
set that in the config in place of %any, see if that works.


> 	
> 
> GD
> > -----Original Message-----
> > From: Andy Gay [mailto:andy at andynet.net]
> > Sent: Wednesday, 9 August 2006 18:24
> > To: Greg
> > Cc: users at openswan.org
> > Subject: RE: [Fwd: RE: [Openswan Users]]
> > 
> > On Wed, 2006-08-09 at 18:10 +0200, Greg wrote:
> > > Thanks Andy
> > >
> > > 	Problem with my MTA too :(
> > >
> > > >Did your mail client do this, or does this line really not have any
> > > > whitespace at the start? Lines within a section must be indented.
> > > Yes, it's the mail client
> > >
> > > > Do your logs say the conn was loaded OK?
> > > No problem, the conn was loaded
> > >
> > > > Does 'ipsec auto --replace roadwarrior-l2tp' work OK?
> > > No problem
> > >
> > > conn roadwarrior-l2tp
> > >         left=192.168.0.4
> > >         leftcert=cert.pem
> > >         leftprotoport=17/1701
> > >         right=%any
> > >         rightprotoport=17/1701
> > >         rightsubnet=vhost:%no,%priv
> > >         pfs=no
> > >         auto=add
> > >
> > > >Can you show us the output from 'ipsec auto --status'?
> > > 000 interface lo/lo ::1
> > > 000 interface lo/lo 127.0.0.1
> > > 000 interface lo/lo 127.0.0.1
> > > 000 interface eth0/eth0 192.168.0.4
> > > 000 interface eth0/eth0 192.168.0.4
> > > 000 %myid = (none)
> > > 000 debug none
> > > 000
> > > 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
> > > keysizemax=64
> > > 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
> > > keysizemax=192
> > > 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
> > keysizemin=40,
> > > keysizemax=448
> > > 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
> > > keysizemax=0
> > > 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
> > > keysizemax=256
> > > 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
> > > keysizemin=128, keysizemax=256
> > > 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
> > > keysizemin=128, keysizemax=256
> > > 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
> > > keysizemin=128, keysizemax=128
> > > 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
> > > keysizemin=160, keysizemax=160
> > > 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
> > > keysizemin=256, keysizemax=256
> > > 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0,
> > keysizemax=0
> > > 000
> > > 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
> > > keydeflen=192
> > > 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
> > > keydeflen=128
> > > 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
> > > 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
> > > 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
> > > 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
> > > 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
> > > 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
> > > 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
> > > 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
> > > 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
> > > 000
> > > 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
> > > trans={0,0,0} attrs={0,0,0}
> > > 000
> > > 000 "roadwarrior-l2tp": 192.168.0.4[C=FR, ST=FRANCE, L=MERICOURT, O=WEF,
> > > OU=INFO, CN=TEST, E=root at test.com]:17/1701...%virtual:17/1701===?;
> > unrouted;
> > > eroute owner: #0
> > 
> > Weird. It has right=?, not %any.
> > I'm sure that's your problem, but I've no idea what would cause that.
> > Anyone else seen this?
> > 
> > What version of Openswan is this? (ipsec --version will tell you).
> > 
> > > 000 "roadwarrior-l2tp":     srcip=unset; dstip=unset; srcup=ipsec
> > _updown;
> > > dstup=ipsec _updown;
> > > 000 "roadwarrior-l2tp":   CAs: 'C=FR, ST=FRANCE, L=MERICOURT, O=WEF,
> > > OU=INFO, CN=TEST, E=root at test.fr'...'%any'
> > > 000 "roadwarrior-l2tp":   ike_life: 3600s; ipsec_life: 28800s;
> > rekey_margin:
> > > 540s; rekey_fuzz: 100%; keyingtries: 1
> > > 000 "roadwarrior-l2tp":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL; prio:
> > > 32,32; interface: eth0;
> > > 000 "roadwarrior-l2tp":   newest ISAKMP SA: #0; newest IPsec SA: #0;
> > > 000
> > > 000
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Andy Gay [mailto:andy at andynet.net]
> > > > Sent: Wednesday, 9 August 2006 17:47
> > > > To: users at openswan.org
> > > > Cc: Greg
> > > > Subject: [Fwd: RE: [Openswan Users]]
> > > >
> > > > Can someone please forward this to Greg. He seems to be ignoring
> > > > messages from me.
> > > >
> > > > -------- Forwarded Message --------
> > > > From: Andy Gay <andy at andynet.net>
> > > > To: Greg <gregory.domagala at aliceadsl.fr>
> > > > Cc: users at openswan.org
> > > > Subject: RE: [Openswan Users]
> > > > Date: Tue, 08 Aug 2006 19:44:24 -0400
> > > >
> > > > On Tue, 2006-08-08 at 23:40 +0200, Greg wrote:
> > > >
> > > > > config setup
> > > > >       interfaces=%defaultroute
> > > > >       nat_traversal=yes
> > > > >
> > > > >
> > > >
> > virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24,%v4:81
> > > > .1
> > > > > 27.61.93/32
> > > >
> > > > Did your mail client do this, or does this line really not have any
> > > > whitespace at the start? Lines within a section must be indented.
> > > >
> > > > > Aug  8 23:17:01 darko pluto[4751]: packet from 90.95.19.131:500:
> > initial
> > > > > Main Mode message received on 192.168.0.4:500 but no connection has
> > been
> > > > > authorized
> > > >
> > > > This sounds like the conn didn't load correctly, maybe due to the
> > > > whitespace issue above.
> > > >
> > > > Do your logs say the conn was loaded OK?
> > > > Does 'ipsec auto --replace roadwarrior-l2tp' work OK?
> > > >
> > > > Can you show us the output from 'ipsec auto --status'?
> > > >
> > > >
> > > >
> > >
> > >
> > >
> 
> 
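
The two checks suggested in the reply above (looking for invisible bad characters with 'od -c', and the rule that lines within a section must be indented), as an added example that is not part of the original message or of Openswan. The function name, the allowed-byte set and the sample file are assumptions constructed for illustration; the rules are heuristics, not Openswan's own parser.

```python
# Added example: byte-level lint for an ipsec.conf-style file.
# Heuristics (assumptions, not Openswan's parser): only tab, newline and
# printable ASCII are expected, and key=value lines must start with whitespace.

ALLOWED = {0x09, 0x0A} | set(range(0x20, 0x7F))


def lint_ipsec_conf(data: bytes):
    """Return (line_no, column, message) findings in file order."""
    findings = []
    for line_no, raw in enumerate(data.split(b"\n"), start=1):
        # Bytes that 'od -c' would print as an escape or octal code:
        # CR from DOS line endings, a UTF-8 BOM, a no-break space, and so on.
        for col, byte in enumerate(raw, start=1):
            if byte not in ALLOWED:
                findings.append((line_no, col, f"unexpected byte 0x{byte:02x}"))

        stripped = raw.strip()
        if not stripped or stripped.startswith(b"#"):
            continue  # blank line or comment
        # Section headers ("config setup", "conn NAME") start in column 1;
        # a key=value line starting there is not attached to a section.
        if raw[:1] not in (b" ", b"\t") and b"=" in stripped:
            key = stripped.split(b"=", 1)[0].decode("ascii", "replace")
            findings.append((line_no, 1, f"parameter '{key}' is not indented"))
    return findings


# Constructed sample, not Greg's actual file: a no-break space (0xC2 0xA0)
# after "right=", an unindented parameter, and one CRLF line ending.
SAMPLE = (
    b"config setup\n"
    b"\tnat_traversal=yes\n"
    b"virtual_private=%v4:10.0.0.0/8\n"
    b"\n"
    b"conn roadwarrior-l2tp\n"
    b"\tleft=192.168.0.4\r\n"
    b"\tright=\xc2\xa0%any\n"
    b"\tauto=add\n"
)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for line_no, col, msg in lint_ipsec_conf(data):
        print(f"line {line_no}, col {col}: {msg}")
```

Run with the path to the config file as the only argument; with no argument it reports on the constructed sample.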


