[Openswan Users] 024 need --listen before --initiate and some hints

Andrea Mennini andrea at mennini.org
Tue May 16 18:22:05 CEST 2006 

Paul Wouters wrote:
>>     klipsdebug=all
>>     plutodebug=all
> don't do that.

Why? Anyway, set both to none

> You did not start openswan, or it immediately crashed.

I did, and it seems not crashed, except for "Could not change to 
directory" messagges...BTW why does this happen?

This is a snippet from /var/log/secure:


May 16 17:13:04 localhost ipsec__plutorun: Starting Pluto subsystem...
May 16 17:13:05 localhost pluto[4351]: Starting Pluto (Openswan Version 
2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID 
OEz}FFFfgr_e)
May 16 17:13:05 localhost pluto[4351]: Setting NAT-Traversal port-4500 
floating to off
May 16 17:13:05 localhost pluto[4351]:    port floating activation 
criteria nat_t=0/port_fload=1
May 16 17:13:05 localhost pluto[4351]:   including NAT-Traversal patch 
(Version 0.6c) [disabled]
May 16 17:13:05 localhost pluto[4351]: ike_alg_register_enc(): 
Activating OAKLEY_AES_CBC: Ok (ret=0)
May 16 17:13:05 localhost pluto[4351]: starting up 1 cryptographic helpers
May 16 17:13:05 localhost pluto[4351]: started helper pid=4353 (fd:6)
May 16 17:13:05 localhost pluto[4351]: Using Linux 2.6 IPsec interface 
code on 2.6.16-1.2108_FC4
May 16 17:13:07 localhost pluto[4351]: Could not change to directory 
'/etc/ipsec.d/cacerts'
May 16 17:13:07 localhost pluto[4351]: Could not change to directory 
'/etc/ipsec.d/aacerts'
May 16 17:13:07 localhost pluto[4351]: Could not change to directory 
'/etc/ipsec.d/ocspcerts'
May 16 17:13:07 localhost pluto[4351]: Could not change to directory 
'/etc/ipsec.d/crls'
May 16 17:13:12 localhost pluto[4351]: listening for IKE messages
May 16 17:13:12 localhost pluto[4351]: adding interface eth0/eth0 
10.20.1.2:500
May 16 17:13:12 localhost pluto[4351]: adding interface lo/lo 127.0.0.1:500
May 16 17:13:12 localhost pluto[4351]: adding interface lo/lo ::1:500
May 16 17:13:12 localhost pluto[4351]: loading secrets from 
"/etc/ipsec.secrets"


Thanks!
-- 

Andrea

ICQ:5459894
Registered Linux User #24583

More information about the Users mailing list