[Openswan Users] KLIPS broken, NETKEY works (Was: Changed certificates and it stopped working)

Paul Wouters paul at xelerance.com
Sat Nov 4 16:23:17 EST 2006


On Sat, 4 Nov 2006, Turbo Fredriksson wrote:

> >> I also noticed that my Internet connection didn't
> >> work any more (i.e., I couldn't "surf the web").
> >> Doing a trace to any IP on the Internet stops
> >> at workfw VLAN IP (ppp0:192.168.100.254).
> >
> > include /etc/ipsec.d/examples/no_oe.conf
>
> It IS included... Or do you mean that's the problem?
> No, without it it doesn't work at all. The link comes
> up, but I can't ping the other end of the VPN link.
>
> ----- s n i p -----
> Nov  4 11:42:16 workfw pluto[2750]: ignoring duplicate netlink acquire event for <WORKFW_IP> to 128.8.10.90
> Nov  4 11:42:17 workfw pluto[2750]: Can not opportunistically initiate for 192.168.1.2 to 192.12.94.30: KEY record for hostname as %myid (no good TXT): failure querying DNS for KEY of workfw.: Host name lookup failure

This shows an opportunistic attempt. It also shows a netlink acquire. So you ARE
running NETKEY with opportunistic encryption enabled. So the include is not
working or not there or you added it without restarting?

Paul
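
Added example, not part of the original message or of Openswan: a small Python check that applies the reasoning in the reply above to pluto log text and an ipsec.conf fragment. The two pluto lines are the ones quoted in the thread; the third log line, both config fragments and all function names are constructed for illustration.

```python
import re

# First two lines are quoted in the thread; the sshd line is constructed.
SAMPLE_LOG = """\
Nov  4 11:42:16 workfw pluto[2750]: ignoring duplicate netlink acquire event for <WORKFW_IP> to 128.8.10.90
Nov  4 11:42:17 workfw pluto[2750]: Can not opportunistically initiate for 192.168.1.2 to 192.12.94.30: KEY record for hostname as %myid (no good TXT): failure querying DNS for KEY of workfw.: Host name lookup failure
Nov  4 11:42:18 workfw sshd[311]: constructed unrelated line
"""

# Constructed ipsec.conf fragments: include commented out vs. active.
CONF_COMMENTED = "version 2.0\n#include /etc/ipsec.d/examples/no_oe.conf\n"
CONF_INCLUDED = "version 2.0\ninclude /etc/ipsec.d/examples/no_oe.conf\n"

PLUTO = re.compile(r"\spluto\[\d+\]:\s(?P<msg>.*)$")
INCLUDE = re.compile(r"^\s*include\s+\S*no_oe\.conf\s*$")

def scan_log(text):
    """Collect pluto messages that show netlink acquires or OE attempts."""
    found = {"netlink_acquire": [], "oe_attempt": []}
    for line in text.splitlines():
        m = PLUTO.search(line)
        if not m:
            continue  # not a pluto line
        msg = m.group("msg")
        if "netlink acquire" in msg:
            found["netlink_acquire"].append(msg)
        if "opportunistically initiate" in msg:
            found["oe_attempt"].append(msg)
    return found

def has_no_oe_include(conf_text):
    """True only for an uncommented include of no_oe.conf."""
    return any(INCLUDE.match(line) for line in conf_text.splitlines())

def diagnose(log_text, conf_text):
    """Map the evidence onto the possibilities raised in the reply."""
    ev = scan_log(log_text)
    stack = "NETKEY" if ev["netlink_acquire"] else "unknown"
    oe_active = bool(ev["oe_attempt"])
    if not oe_active:
        verdict = "no opportunistic attempts logged"
    elif has_no_oe_include(conf_text):
        verdict = "include present but OE still active: not taking effect, or pluto not restarted"
    else:
        verdict = "no active include of no_oe.conf"
    return {"stack": stack, "oe_active": oe_active, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, CONF_COMMENTED))
    print(diagnose(SAMPLE_LOG, CONF_INCLUDED))
```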

