FW: [Openswan Users] Openswan 2.2.0 shows its runnint but tunnel

Charles Tompkins crt at thig.com
Tue Jun 20 16:51:51 CEST 2006


I have seen this message only when there is more than one default gateway on
the machine when ipsec is trying to start/initialize.  You might have to change
ipsec.conf to say:
interfaces="ipsec0=eth0"
instead of:
interfaces=%defaultroute

Regards,
-Charles



-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of John Serink
Sent: Tuesday, June 20, 2006 7:25 AM
To: users at openswan.org
Subject: [Openswan Users] Openswan 2.2.0 shows its runnint but tunnel down

Hi All:

I had 4 Linux routers with Openswan 2.2.0 under Debian go
down simultaneously. They would NOT respond to my ssh
connection over their ADSL port (ppp1) so had to go in
via dial-up over ppp0. Check this out:
login as: root
Using keyboard-interactive authentication.
Password:
Last login: Tue Jun 20 09:40:14 2006 from 112-98.dsl.connexus.net.au

Welcome to SNYPRouter (rev rr1.7.2) (Webmin 1.160-2.rr61)  SN RX1K-0406-0192   19:02:08 up 13 days,  6:29
Temperature +42.5 C (+108.5 F)  Disk 77%  Memory 26%
No Alarms

SNYPRouter:~# ipsec look
SNYPRouter Tue Jun 20 19:02:15 SGT 2006
cat: /proc/net/ipsec_spigrp: No such file or directory
cat: /proc/net/ipsec_eroute: No such file or directory
grep: /proc/net/ipsec_tncfg: No such file or directory
sort: open failed: /proc/net/ipsec_spi: No such file or directory
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp1
192.168.1.0     160.96.97.248   255.255.255.240 UG        0 0          0 ppp1
220.255.161.1   0.0.0.0         255.255.255.255 UH        0 0          0 ppp1
SNYPRouter:~# ipsec setup status
IPsec running
but...
KLIPS module is not loaded!
SNYPRouter:~# ping 192.168.1.1
connect: Resource temporarily unavailable
SNYPRouter:~# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0a:dc:04:75:1c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.65/28 brd 192.168.1.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0a:dc:04:75:1d brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
6: w1adsl: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:77:77:77:7b:a4 brd ff:ff:ff:ff:ff:ff
10: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1452 qdisc pfifo_fast qlen 3
    link/ppp
    inet 220.255.21.42 peer 220.255.161.1/32 scope global ppp1
11: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 3
    link/ppp
    inet 192.168.1.75 peer 192.168.1.76/32 scope global ppp0


ppp1 looks fine, but can't ssh to it. Also, check out
the response from the ping 192.168.1.1, that is a VERY
strange error message but a clue.

I tried an ipsec setup restart but got this:
SNYPRouter:~# ipsec setup restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.8-16-486-rx...
ipsec_setup: no default route, %defaultroute cannot cope!!!

Has anybody seen this before?
The only cure was a reboot.

Using the Netkey stack under Linux 2.6.8,

Cheers,
John
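
Added example, not part of either message and not Openswan code: a shell check for the condition the reply at the top of this thread describes, counting default routes in `route -n` / `netstat -rn` output (the same table format as in the `ipsec look` output above). The function name `check_defaultroute` and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify the default routes in
# `route -n` / `netstat -rn` output before relying on interfaces=%defaultroute.

# Reads a kernel routing table on stdin. A default route is a row whose
# Destination and Genmask columns are both 0.0.0.0; the interface is the
# last column. Prints a finding and returns:
#   0 = exactly one default route, 1 = none, 2 = more than one.
check_defaultroute() {
    ifaces=$(awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }')
    # Deliberate word splitting: one positional parameter per default route.
    set -- $ifaces
    case $# in
        0) echo "no default route: %defaultroute has nothing to resolve"
           return 1 ;;
        1) echo "one default route, via $1"
           return 0 ;;
        *) echo "$# default routes ($*): pin one, e.g. interfaces=\"ipsec0=$1\""
           return 2 ;;
    esac
}

# Constructed sample: two default gateways (documentation addresses).
sample_two_defaults() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
EOF
}

# Constructed sample: only a connected network, no default route.
sample_no_default() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
EOF
}

# Demo on the constructed tables; on a live host: route -n | check_defaultroute
sample_two_defaults | check_defaultroute || :
sample_no_default | check_defaultroute || :
```

The interface offered in the multiple-route case is simply the first one listed; which one to pin in `interfaces=` depends on which uplink the tunnel should use.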
