[Openswan Users] an ipsec trouble from newbie
fatin RZ
fatinrz at yahoo.com
Sat Dec 16 10:43:35 EST 2006
Hello
I'm a newbie to Linux and IPsec. I did all I can and now I need help.
The error messages I got:
1-------------------------------------------
at service startup
FATAL: Error inserting padlock (/lib/modules/2.6.18-1.2798.fc6/kernel/drivers/crypto/padlock.ko): No such device
---------------------------------------------
2--------------------------------------------
From "secure" file
next payload type of ISAKMP Hash Payload has an unknown value: xx
malformed payload in packet
sending notification PAYLOAD_MALFORMED to [right network gateway ip]
-----------------------------------------------
3-From messages file
Dec 16 17:19:21 fedora6 ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.253/255.255.255.0 broadcast 192.168.1.255
Dec 16 17:19:21 fedora6 ipsec_setup: ...Openswan IPsec started
Dec 16 17:19:22 fedora6 kernel: audit(1166282362.656:58): avc: denied { read write } for pid=5867 comm="ip" name="[23325]"
dev=sockfs ino=23325 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:19:22 fedora6 kernel: audit(1166282362.656:59): avc: denied { read write } for pid=5867 comm="ip" name="[23450]"
dev=sockfs ino=23450 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:19:22 fedora6 kernel: audit(1166282362.684:60): avc: denied { read write } for pid=5871 comm="ip" name="[23325]"
dev=sockfs ino=23325 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:19:22 fedora6 kernel: audit(1166282362.684:61): avc: denied { read write } for pid=5871 comm="ip" name="[23450]"
dev=sockfs ino=23450 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:19:22 fedora6 kernel: audit(1166282362.688:62): avc: denied { read write } for pid=5872 comm="ip" name="[23325]"
dev=sockfs ino=23325 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:19:22 fedora6 kernel: audit(1166282362.688:63): avc: denied { read write } for pid=5872 comm="ip" name="[23450]"
dev=sockfs ino=23450 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:19:22 fedora6 ipsec__plutorun: 104 "xyz" #1:
STATE_MAIN_I1: initiate
Dec 16 17:19:22 fedora6 ipsec__plutorun: ...could not start conn "xyz"
Dec 16 17:23:49 fedora6 kernel: audit(1166282629.780:64): avc: denied { read write } for pid=6056 comm="ip" name="[23325]"
dev=sockfs ino=23325 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:49 fedora6 kernel: audit(1166282629.780:65): avc: denied { read write } for pid=6056 comm="ip" name="[24542]"
dev=sockfs ino=24542 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:49 fedora6 kernel: audit(1166282629.788:66): avc: denied { read write } for pid=6057 comm="ip" name="[23325]"
dev=sockfs ino=23325 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:49 fedora6 kernel: audit(1166282629.788:67): avc: denied { read write } for pid=6057 comm="ip" name="[24542]"
dev=sockfs ino=24542 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:50 fedora6 kernel: NET: Unregistered protocol family 15
Dec 16 17:23:50 fedora6 ipsec_setup: ...Openswan IPsec stopped
Dec 16 17:23:51 fedora6 kernel: NET: Registered protocol family 15
Dec 16 17:23:51 fedora6 kernel: padlock: VIA PadLock not detected.
Dec 16 17:23:51 fedora6 ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.253/255.255.255.0 broadcast 192.168.1.255
Dec 16 17:23:51 fedora6 ipsec_setup: ...Openswan IPsec started
Dec 16 17:23:52 fedora6 kernel: audit(1166282632.320:68): avc: denied { read write } for pid=6234 comm="ip" name="[24653]"
dev=sockfs ino=24653 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:52 fedora6 kernel: audit(1166282632.320:69): avc: denied { read write } for pid=6234 comm="ip" name="[24778]"
dev=sockfs ino=24778 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:52 fedora6 kernel: audit(1166282632.348:70): avc: denied { read write } for pid=6238 comm="ip" name="[24653]"
dev=sockfs ino=24653 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:52 fedora6 kernel: audit(1166282632.348:71): avc: denied { read write } for pid=6238 comm="ip" name="[24778]"
dev=sockfs ino=24778 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:52 fedora6 kernel: audit(1166282632.356:72): avc: denied { read write } for pid=6239 comm="ip" name="[24653]"
dev=sockfs ino=24653 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:52 fedora6 kernel: audit(1166282632.356:73): avc: denied { read write } for pid=6239 comm="ip" name="[24778]"
dev=sockfs ino=24778 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Dec 16 17:23:52 fedora6 ipsec__plutorun: 104 "yenibosna-kadikoy" #1: STATE_MAIN_I1: initiate
Dec 16 17:23:52 fedora6 ipsec__plutorun: ...could not start conn "xyz"
-----------------------------------------------------------------------------------------------------------
The system messages
[root@fedora6 ~]# service ipsec restart
Starting IPsec: Starting Openswan IPsec 2.4.5...
insmod /lib/modules/2.6.18-1.2798.fc6/kernel/net/key/af_key.ko
insmod /lib/modules/2.6.18-1.2798.fc6/kernel/net/ipv4/xfrm4_tunnel.ko
insmod /lib/modules/2.6.18-1.2798.fc6/kernel/drivers/crypto/padlock.ko
FATAL: Error inserting padlock (/lib/modules/2.6.18-1.2798.fc6/kernel/drivers/crypto/padlock.ko): No such device
[ OK ]
---------------------------------------------------------------------------------
[root@fedora6 ~]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.5/K2.6.18-1.2798.fc6 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
#http://www.wlug.org.nz/FreeSwanToCiscoPix
#http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch35_:_Configuring_Linux_VPNs#Introduction
# basic configuration
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    nat_traversal=yes
conn xyz
    type= tunnel
    authby= secret
    #RRT
    left= 212.x7x.x0.x7
    #leftsubnet= 172.16.10.0/24
    leftsubnet= 192.168.1.0/24
    leftnexthop= 212.175.40.1
    #SAA
    right= 88.x4x.x7x.9x
    rightsubnet= 10.34.1.0/24
    rightnexthop=
    esp= 3des-md5
    keyexchange= ike
    pfs= no
    auto= start
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
Any help will be appreciated. Thank you.