[Openswan Users] Openswan 2.4.7 and juniper ns208
Paul Wouters
paul at xelerance.com
Thu Dec 7 13:37:16 EST 2006
On Thu, 7 Dec 2006, Didine wrote:
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.4.7/K2.6.18-1.2798.fc6 (netkey)
> Checking for IPsec support in kernel [OK]
> Testing against enforced SElinux mode [OK]
> Hardware RNG detected, testing if used properly [FAILED]
>
> Hardware RNG is present but 'rngd' is not running.
> No harware random used!
You might want to install rng-utils / rng-tools :)
> NETKEY detected, testing for disabled ICMP send_redirects [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects [OK]
> Checking for RSA private key (/etc/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing [OK]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
>
> Opportunistic Encryption DNS checks:
> Looking for TXT in forward dns zone: lt85.xxxxxx.xxx [MISSING]
> Does the machine have at least one non-private address? [FAILED]
Did you include /etc/ipsec.d/examples/no_oe.conf to disable
Opportunistic Encryption?
> > > 004 "lt85_to_centre" #12: STATE_QUICK_I2: sent QI2, IPsec SA established
> > > {ESP=>0x7593622b <0x6859dbc5 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
Do you have a way of sniffing the connection between the Linux machines and the
Juniper to see if you are sending ESP packets? Do you have any errors on the
Juniper?

I can't see any obvious errors from the openswan side.

Paul