FW: [Openswan Users] Openswan 2.2.0 shows its runnint but tunnel
Charles Tompkins
crt at thig.com
Tue Jun 20 16:51:51 CEST 2006
I have seen this message only when there is more than one default gateway on
the machine when ipsec is try to start/initialize. You might have to change
ipsec.conf to say:
interfaces="ipsec0=eth0"
instead of:
interfaces=%defaultroute
Regards,
-Charles
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of John Serink
Sent: Tuesday, June 20, 2006 7:25 AM
To: users at openswan.org
Subject: [Openswan Users] Openswan 2.2.0 shows its runnint but tunnel down
Hi All:
I had 4 Linux routers with Openswan 2.2.0 undebian go
down simultaneously. They would NOT respond to my ssh
connection over their ADSL port(ppp1) so had to go in
via dial up over ppp0. Check this out:
login as: root
Using keyboard-interactive authentication.
Password:
Last login: Tue Jun 20 09:40:14 2006 from
112-98.dsl.connexus.net.au
Welcome to SNYPRouter (rev rr1.7.2) (Webmin
1.160-2.rr61) SN RX1K-0406-0192 19:02:08 up 13
days, 6:29
Temperature +42.5 C (+108.5 F) Disk 77% Memory 26%
No Alarms
SNYPRouter:~# ipsec look
SNYPRouter Tue Jun 20 19:02:15 SGT 2006
cat: /proc/net/ipsec_spigrp: No such file or directory
cat: /proc/net/ipsec_eroute: No such file or directory
grep: /proc/net/ipsec_tncfg: No such file or directory
sort: open failed: /proc/net/ipsec_spi: No such file
or directory
Destination Gateway Genmask Flags
MSS Window irtt Iface
0.0.0.0 0.0.0.0 0.0.0.0 U
0 0 0 ppp1
192.168.1.0 160.96.97.248 255.255.255.240 UG
0 0 0 ppp1
220.255.161.1 0.0.0.0 255.255.255.255 UH
0 0 0 ppp1
SNYPRouter:~# ipsec setup status
IPsec running
but...
KLIPS module is not loaded!
SNYPRouter:~# ping 192.168.1.1
connect: Resource temporarily unavailable
SNYPRouter:~# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd
00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast qlen 1000
link/ether 00:0a:dc:04:75:1c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.65/28 brd 192.168.1.255 scope
global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast qlen 1000
link/ether 00:0a:dc:04:75:1d brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 brd 192.168.2.255 scope global
eth2
6: w1adsl: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast qlen 1000
link/ether 00:77:77:77:7b:a4 brd ff:ff:ff:ff:ff:ff
10: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1452
qdisc pfifo_fast qlen 3
link/ppp
inet 220.255.21.42 peer 220.255.161.1/32 scope
global ppp1
11: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500
qdisc pfifo_fast qlen 3
link/ppp
inet 192.168.1.75 peer 192.168.1.76/32 scope
global ppp0
ppp1 looks fine, but can't ssh to it. Also, check out
the response from the ping 192.168.1.1, that is a VERY
strange error message but a clue.
I tried an ipsec setup restart but got this:
SNYPRouter:~# ipsec setup restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec
U2.2.0/K2.6.8-16-486-rx...
ipsec_setup: no default route, %defaultroute cannot
cope!!!
Has anybody seen this before?
The only cure was a reboot.
Using the Netkey stack under Linux 2.6.8,
Cheers,
John
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
CONFIDENTIAL NOTICE: This email including any attachments, contains
confidential information belonging to the sender. It may also be
privileged or otherwise protected by work product immunity or other
legal rules. This information is intended only for the use of the
individual or entity named above. If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or the taking of any action in reliance on the contents
of this emailed information is strictly prohibited. If you have
received this email in error, please immediately notify us by
reply email of the error and then delete this email immediately.
More information about the Users
mailing list