[Openswan Users] KIPS broken, NETKEY works (Was: Changed certificates and it stopped working)

Paul Wouters paul at xelerance.com
Sat Nov 4 16:23:17 EST 2006

On Sat, 4 Nov 2006, Turbo Fredriksson wrote:

> >> I also noticed that my Internet connection didn't
> >> work any more (i.e., I couldn't "surf the web").
> >> Doing a trace to any IP on the Internet stops
> >> at workfw VLAN IP (ppp0:
> >
> > include /etc/ipsec.d/examples/no_oe.conf
> It IS included... Or do you mean that's the problem?
> No, without it it doesn't work at all. The link comes
> up, but I can't ping the other end of the VPN link.
> ----- s n i p -----
> Nov  4 11:42:16 workfw pluto[2750]: ignoring duplicate netlink acquire event for <WORKFW_IP> to
> Nov  4 11:42:17 workfw pluto[2750]: Can not opportunistically initiate for to KEY record for hostname as %myid (no good TXT): failure querying DNS for KEY of workfw.: Host name lookup failure

This shows an opportunistic attempt. It also shows a netlink acquire. So you ARE
running NETKEY wtih opportunistic encryption enabled. So the include is not
working or not there or you added it without restartin?


More information about the Users mailing list