[Openswan Users] Openswan 2.4.7 and juniper ns208

Paul Wouters paul at xelerance.com
Thu Dec 7 13:37:16 EST 2006

On Thu, 7 Dec 2006, Didine wrote:

> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.4.7/K2.6.18-1.2798.fc6 (netkey)
> Checking for IPsec support in kernel                            [OK]
> Testing against enforced SElinux mode                           [OK]
> Hardware RNG detected, testing if used properly                 [FAILED]
>  Hardware RNG is present but 'rngd' is not running.
>  No harware random used!

You might want to install rng-utils / rng-tools :)

> NETKEY detected, testing for disabled ICMP send_redirects       [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
> Checking for RSA private key (/etc/ipsec.secrets)               [OK]
> Checking that pluto is running                                  [OK]
> Two or more interfaces found, checking IP forwarding            [OK]
> Checking NAT and MASQUERADEing                                  [OK]
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption DNS checks:
>   Looking for TXT in forward dns zone: lt85.xxxxxx.xxx      [MISSING]
>   Does the machine have at least one non-private address?      [FAILED]

Did you include /etc/ipsec.d/examples/no_oe.conf to disable
Opportunistic Encryption?

> > > 004 "lt85_to_centre" #12: STATE_QUICK_I2: sent QI2, IPsec SA established
> > > {ESP=>0x7593622b <0x6859dbc5 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}

Do you have a way of sniffing the connection between the Linux machines and the
Juniper to see if you are sending ESP packets? Do you have any errors on the

I can't see any obvious errors from the openswan side.

