[Openswan Users] problems with: could not start conn "tunnel"

Vida Luz Arista viaris at gmail.com
Tue Mar 28 18:08:59 CEST 2006


Hi,

In /var/log/secure I have the following message:

Mar 28 16:22:28 ns pluto[5175]: Could not change to directory '/etc/ipsec.d/ocspcerts'
Mar 28 16:22:28 ns pluto[5175]: Could not change to directory '/etc/ipsec.d/crls'
Mar 28 16:22:28 ns pluto[5175]: added connection description "tunnelipsec"
Mar 28 16:22:28 ns pluto[5175]: listening for IKE messages
Mar 28 16:22:28 ns pluto[5175]: adding interface eth1/eth1 172.16.1.1:500
Mar 28 16:22:28 ns pluto[5175]: adding interface eth0/eth0 165.98.224.82:500
Mar 28 16:22:28 ns pluto[5175]: adding interface lo/lo 127.0.0.1:500
Mar 28 16:22:28 ns pluto[5175]: adding interface lo/lo ::1:500
Mar 28 16:22:28 ns pluto[5175]: loading secrets from "/etc/ipsec.secrets"
Mar 28 16:22:29 ns pluto[5175]: "tunnelipsec" #1: initiating Main Mode

In /var/log/message I have the following messages:

Mar 28 16:21:47 ns ipsec__plutorun: 104 "tunnelipsec" #1: STATE_MAIN_I1: initiate
Mar 28 16:21:47 ns ipsec__plutorun: ...could not start conn "tunnelipsec"
Mar 28 16:21:51 ns kernel: ip_tables: (C) 2000-2002 Netfilter core team
Mar 28 16:22:21 ns kernel: NET: Unregistered protocol family 15
Mar 28 16:22:21 ns ipsec_setup: ...Openswan IPsec stopped
Mar 28 16:22:28 ns kernel: NET: Registered protocol family 15
Mar 28 16:22:28 ns ipsec_setup: KLIPS ipsec0 on eth0 165.98.224.82/255.255.255.252 broadcast 165.98.224.83
Mar 28 16:22:28 ns ipsec_setup: ...Openswan IPsec started
Mar 28 16:22:29 ns ipsec__plutorun: 104 "tunnelipsec" #1: STATE_MAIN_I1: initiate
Mar 28 16:22:29 ns ipsec__plutorun: ...could not start conn "tunnelipsec"

Thanks,



On 3/28/06, ted leslie <tleslie at tcn.net> wrote:
>
> where is this error showing?
> if you do a
> ipsec auto --up tunnelipsec
>
> you should see useful info appear ...
> or run a status command to maybe in a barf
>
> take out auto start and start it manually
>
> -tl
>
>
> On Tue, 28 Mar 2006 15:41:34 -0600
> "Vida Luz Arista" <viaris at gmail.com> wrote:
>
> > Hi All,
> >
> > I have installed tpm openswan for Fedora Version 4, I need to establish a
> > vpn with a cisco 800, the problem is that the VPN can't be established, the
> > message error in my linux is: ipsec__plutorun: ...could not start conn
> > "tunnelipsec"
> >
> > I don't have firewall then I haven't iptables rules, If I don't have
> > firewall I need iptables rules ? is necessary?
> >
> > My configuration is:
> >
> > ipsec.conf
> > =========
> >
> > # /etc/ipsec.conf - Openswan IPsec configuration file
> >         #ike=            "3des-md5-modp768"
> >
> > version 2.0
> >
> > config setup
> >         interfaces="ipsec0=eth0"
> >         klipsdebug=none
> >         plutodebug=none
> >         forwardcontrol=yes
> >
> > conn tunnelipsec
> >         type=tunnel
> >         left=165.98.224.82
> >         leftsubnet=172.16.1.0/24
> >         right= 165.98.236.214
> >         rightsubnet=172.16.26.0/24
> >         esp=3des-md5-96
> >         keyexchange=ike
> >         pfs=no
> >         authby=secret
> >         ikelifetime=7800
> >         compress=no
> >         auto=start
> >
> > include /etc/ipsec.d/no_oe.conf
> >
> > ipsec.secrets
> >
> > =========
> >
> > 165.98.224.82 165.98.236.214: PSK "vp17226"
> >
> >
> >
> > Configuration for the router is:
> >
> >
> >
> > crypto isakmp policy 10
> >  encr 3des
> >  hash md5
> >  authentication pre-share
> > crypto isakmp key vp17226 address 165.98.224.82
> > !
> > !
> > crypto ipsec transform-set DICE esp-3des esp-sha-hmac
> > !
> > crypto map DICE 10 ipsec-isakmp
> >  set peer 165.98.224.82
> >  set transform-set DICE
> >  match address 100
> >
> > interface Ethernet1
> >  description PRIVADA
> >  ip address 165.98.236.214 255.255.255.252
> >  duplex auto
> >  crypto map DICE
> >
> >
> >
> > Somebody can help me? I need suggestions.
> >
> >
> >
> > Thanks in advance.
> >
> > Regards.
> >
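An added example, not part of the original messages and not Openswan or Cisco code: a small Python check that compares the settings both ends of the tunnel must agree on, using the two configurations quoted above. The sample input is constructed from those configurations with the pre-shared key left out, and the function names are hypothetical; it reports only where the two files differ.

```python
import re
# Constructed sample input trimmed from the two posted configs (PSK omitted).
OPENSWAN = """\
conn tunnelipsec
        left=165.98.224.82
        right= 165.98.236.214
        esp=3des-md5-96
"""
CISCO = """\
crypto ipsec transform-set DICE esp-3des esp-sha-hmac
crypto map DICE 10 ipsec-isakmp
 set peer 165.98.224.82
 set transform-set DICE
interface Ethernet1
 ip address 165.98.236.214 255.255.255.252
"""

def openswan_conn(text, name):
    """Return the key=value options of one 'conn' section as a dict."""
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()     # drop comments
        if line and not line[0].isspace():       # a section header starts in column 0
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def cisco_view(text):
    """Pull the peer, the router address and the applied transform-set from IOS config."""
    sets = {m[1]: m[2].split() for m in
            re.finditer(r"^crypto ipsec transform-set (\S+) (.+)$", text, re.M)}
    used = sets[re.search(r"^ set transform-set (\S+)", text, re.M)[1]]
    return {"peer": re.search(r"^ set peer (\S+)", text, re.M)[1],
            "local": re.search(r"^ ip address (\S+)", text, re.M)[1],
            "enc": next(t[4:] for t in used if not t.endswith("-hmac")),
            "integ": next(t[4:-5] for t in used if t.endswith("-hmac"))}

def mismatches(openswan_text, conn, cisco_text):
    """Return {setting: (openswan value, cisco value)} for every disagreement."""
    o, c = openswan_conn(openswan_text, conn), cisco_view(cisco_text)
    enc, integ = o["esp"].split("-")[:2]         # "3des-md5-96" -> "3des", "md5"
    integ = {"sha1": "sha"}.get(integ, integ)    # IOS writes SHA-1 as esp-sha-hmac
    pairs = {"left / set peer": (o["left"], c["peer"]),
             "right / router address": (o["right"], c["local"]),
             "ESP encryption": (enc, c["enc"]),
             "ESP integrity": (integ, c["integ"])}
    return {k: v for k, v in pairs.items() if v[0] != v[1]}
```

Calling `mismatches(OPENSWAN, "tunnelipsec", CISCO)` returns the settings that differ between the two sample configurations, with the Openswan value first.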