[Openswan Users] Ipsec over Fedora Core 4

Thu Nov 16 09:27:57 EST 2006

You should be getting a lot more log entries than that.

Try: egrep -e 'pluto' /var/log/*
Or: ipsec barf

Starting with something similar to this:
Nov 13 12:35:05 sheridan ipsec__plutorun: Starting Pluto subsystem...
Nov 13 12:35:05 sheridan pluto[25518]: Starting Pluto (Openswan Version 2.4.6 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; 
Vendor ID OEN|EMqk_Mlg)
Granted I have a newer version, but I've used 2.4.4, and the logging hasn't changed much since then.

Maybe someone else has an idea?

Peter McGill
----- Original Message ----- 
From: "Andre Monroy" <amonroy at goodfoodssa.com>
To: "'Peter McGill'" <petermcgill at goco.net>
Sent: Wednesday, November 15, 2006 5:23 PM
Subject: RE: Ipsec over Fedora Core 4

>> left=[192.168.16.12
> I'm sorry, that was only a email typo
> I was [probing your tips, but my vpn tunnel it doesn't works, I was cheking
> my logs before your mail, but anything, I don't have any Pluto error, just
> appears:
> #############################33
> pluto[8561]: adding interface eth0/eth0 192.168.16.13:500
> pluto[8561]: adding interface eth0/eth0 192.168.16.13:4500
> #############################
> And the same with eth1 and lo, after that appears
> #######################
> pluto[8561]: loading secrets from "/etc/ipsec.secrets"
> ######################
> And that's all....
> If you have another idea, please sendme, y was searching in the web, but I
> don't find any answer to my trouble.
> Many thanks
>
> André Monroy Tenorio
> Soporte Técnico y Redes
> Telf:4170700 ( 596 )
> Nextel. 408*3459
> Cel 93449199
>
>
> -----Mensaje original-----
> De: Peter McGill [mailto:petermcgill at goco.net]
> Enviado el: Miércoles, 15 de Noviembre de 2006 02:11 p.m.
> Para: amonroy at goodfoodssa.com
> CC: users at openswan.org; jcruz at goodfoodssa.com
> Asunto: Re: Ipsec over Fedora Core 4
>
>> left=[192.168.16.12
>
> Is this just an email typo? There should be no "[" after the "=".
>
> I see both your left and right parameters are in the private address space.
> This isn't intended to work through internet? Perhaps just testing at this
> point?
>
> Check your logs for pluto error messages.
> Maybe /var/log/syslog or /var/log/secure, or something else depending on
> your system.
>
> If both sides are using openswan then I wouldn't use authby=secret, use the
> default authby=rsa instead.
>
> On each system:
> ipsec newhostkey --output /etc/ipsec.secrets --hostname <your hostname>
>
> Then on each system:
> ipsec showhostkey --left
>
> Copy the showhostkey output to the local ipsec.conf.
> Then copy the showhostkey output to the remote ipsec.conf,
> changing left to right. (Note this is a public key, so you don't have to be
> insanely secure when coping it, just don't let anyone see the private key
> in your ipsec.secrets file.)
>
> Peter
> 