[Openswan Users] Subnets conmunication?
IT Dept.
it at technovation.com.sv
Tue Jun 5 15:00:24 EDT 2007
Here is:
Jun 5 13:58:02 vpn syslogd 1.4.1#17ubuntu7: restart.
Jun 5 13:58:02 vpn kernel: Cannot find map file.
Jun 5 13:58:02 vpn kernel: No module symbols loaded - kernel modules not
enabled.
Jun 5 13:58:02 vpn kernel: Bootdata ok (command line is root=/dev/sda1 ro
3)
Jun 5 13:58:02 vpn kernel: Linux version 2.6.16.29-xen (shand at endor) (gcc
version 3.4.4 20050314 (prerelease) (Debian 3.4.3-13)) #3 SMP Sun Oct 15
13:15:34 BST 2006
Jun 5 13:58:02 vpn kernel: BIOS-provided physical RAM map:
Jun 5 13:58:02 vpn kernel: Xen: 0000000000000000 - 000000001f000000
(usable)
Jun 5 13:58:02 vpn kernel: On node 0 totalpages: 126976
Jun 5 13:58:02 vpn kernel: DMA zone: 126976 pages, LIFO batch:31
Jun 5 13:58:02 vpn kernel: DMA32 zone: 0 pages, LIFO batch:0
Jun 5 13:58:02 vpn kernel: Normal zone: 0 pages, LIFO batch:0
Jun 5 13:58:02 vpn kernel: HighMem zone: 0 pages, LIFO batch:0
Jun 5 13:58:02 vpn kernel: No mptable found.
Jun 5 13:58:02 vpn kernel: Built 1 zonelists
Jun 5 13:58:02 vpn kernel: Kernel command line: root=/dev/sda1 ro 3
Jun 5 13:58:02 vpn kernel: Initializing CPU#0
Jun 5 13:58:02 vpn kernel: PID hash table entries: 2048 (order: 11, 65536
bytes)
Jun 5 13:58:02 vpn kernel: Xen reported: 1795.496 MHz processor.
Jun 5 13:58:02 vpn kernel: Dentry cache hash table entries: 65536 (order:
7, 524288 bytes)
Jun 5 13:58:02 vpn kernel: Inode-cache hash table entries: 32768 (order: 6,
262144 bytes)
Jun 5 13:58:02 vpn kernel: Software IO TLB disabled
Jun 5 13:58:02 vpn kernel: Memory: 483452k/507904k available (1918k kernel
code, 15628k reserved, 809k data, 168k init)
Jun 5 13:58:02 vpn kernel: Calibrating delay using timer specific routine..
3592.77 BogoMIPS (lpj=17963870)
Jun 5 13:58:02 vpn kernel: Security Framework v1.0.0 initialized
Jun 5 13:58:02 vpn kernel: Capability LSM initialized
Jun 5 13:58:02 vpn ipsec__plutorun: 104 "branch_40_to_centralbw_50" #1:
STATE_MAIN_I1: initiate
Jun 5 13:58:02 vpn ipsec__plutorun: ...could not start conn
"branch_40_to_centralbw_50"
Jun 5 13:58:02 vpn kernel: Mount-cache hash table entries: 256
Jun 5 13:58:02 vpn kernel: CPU: L1 I Cache: 64K (64 bytes/line), D cache
64K (64 bytes/line)
Jun 5 13:58:02 vpn kernel: CPU: L2 Cache: 1024K (64 bytes/line)
Jun 5 13:58:02 vpn kernel: Brought up 1 CPUs
Jun 5 13:58:02 vpn kernel: migration_cost=0
Jun 5 13:58:02 vpn kernel: checking if image is initramfs... it is
Jun 5 13:58:02 vpn kernel: Freeing initrd memory: 1859k freed
Jun 5 13:58:02 vpn kernel: DMI not present or invalid.
Jun 5 13:58:02 vpn kernel: Grant table initialized
Jun 5 13:58:02 vpn kernel: NET: Registered protocol family 16
Jun 5 13:58:02 vpn kernel: Initializing CPU#1
Jun 5 13:58:02 vpn kernel: migration_cost=967
Jun 5 13:58:02 vpn kernel: Brought up 2 CPUs
Jun 5 13:58:02 vpn kernel: PCI: setting up Xen PCI frontend stub
Jun 5 13:58:02 vpn kernel: ACPI: Subsystem revision 20060127
Jun 5 13:58:02 vpn kernel: ACPI: Interpreter disabled.
Jun 5 13:58:02 vpn kernel: Linux Plug and Play Support v0.97 (c) Adam Belay
Jun 5 13:58:02 vpn kernel: pnp: PnP ACPI: disabled
Jun 5 13:58:02 vpn kernel: xen_mem: Initialising balloon driver.
Jun 5 13:58:02 vpn kernel: PCI: System does not support PCI
Jun 5 13:58:02 vpn kernel: PCI: System does not support PCI
Jun 5 13:58:02 vpn kernel: pnp: the driver 'system' has been registered
Jun 5 13:58:02 vpn kernel: IA-32 Microcode Update Driver: v1.14-xen
<tigran at veritas.com>
Jun 5 13:58:02 vpn kernel: IA32 emulation $Id: sys_ia32.c,v 1.32 2002/03/24
13:02:28 ak Exp $
Jun 5 13:58:02 vpn kernel: audit: initializing netlink socket (disabled)
Jun 5 13:58:02 vpn kernel: audit(1181069856.905:1): initialized
Jun 5 13:58:02 vpn kernel: VFS: Disk quotas dquot_6.5.1
Jun 5 13:58:02 vpn kernel: Dquot-cache hash table entries: 512 (order 0,
4096 bytes)
Jun 5 13:58:02 vpn kernel: Initializing Cryptographic API
Jun 5 13:58:02 vpn kernel: io scheduler noop registered
Jun 5 13:58:02 vpn kernel: io scheduler anticipatory registered
Jun 5 13:58:02 vpn kernel: io scheduler deadline registered
Jun 5 13:58:02 vpn kernel: io scheduler cfq registered (default)
Jun 5 13:58:02 vpn kernel: rtc: IRQ 8 is not free.
Jun 5 13:58:02 vpn kernel: Non-volatile memory driver v1.2
Jun 5 13:58:02 vpn kernel: pnp: the driver 'i8042 kbd' has been registered
Jun 5 13:58:02 vpn kernel: pnp: the driver 'i8042 aux' has been registered
Jun 5 13:58:02 vpn kernel: pnp: the driver 'i8042 kbd' has been
unregistered
Jun 5 13:58:02 vpn kernel: pnp: the driver 'i8042 aux' has been
unregistered
Jun 5 13:58:02 vpn kernel: PNP: No PS/2 controller found. Probing ports
directly.
Jun 5 13:58:02 vpn kernel: i8042.c: No controller found.
Jun 5 13:58:02 vpn kernel: RAMDISK driver initialized: 16 RAM disks of
16384K size 1024 blocksize
Jun 5 13:58:02 vpn kernel: loop: loaded (max 8 devices)
Jun 5 13:58:02 vpn kernel: Xen virtual console successfully installed as
tty1
Jun 5 13:58:02 vpn kernel: Event-channel device installed.
Jun 5 13:58:02 vpn kernel: netfront: Initialising virtual ethernet driver.
Jun 5 13:58:02 vpn kernel: Uniform Multi-Platform E-IDE driver Revision:
7.00alpha2
Jun 5 13:58:02 vpn kernel: ide: Assuming 50MHz system bus speed for PIO
modes; override with idebus=xx
Jun 5 13:58:02 vpn kernel: pnp: the driver 'ide' has been registered
Jun 5 13:58:02 vpn kernel: mice: PS/2 mouse device common for all mice
Jun 5 13:58:02 vpn kernel: md: md driver 0.90.3 MAX_MD_DEVS=256,
MD_SB_DISKS=27
Jun 5 13:58:02 vpn kernel: md: bitmap version 4.39
Jun 5 13:58:02 vpn kernel: NET: Registered protocol family 2
Jun 5 13:58:02 vpn kernel: netfront: device eth0 has flipping receive path.
Jun 5 13:58:02 vpn kernel: IP route cache hash table entries: 4096 (order:
3, 32768 bytes)
Jun 5 13:58:02 vpn kernel: TCP established hash table entries: 16384
(order: 6, 262144 bytes)
Jun 5 13:58:02 vpn kernel: TCP bind hash table entries: 16384 (order: 6,
262144 bytes)
Jun 5 13:58:02 vpn kernel: TCP: Hash tables configured (established 16384
bind 16384)
Jun 5 13:58:02 vpn kernel: TCP reno registered
Jun 5 13:58:02 vpn kernel: NET: Registered protocol family 1
Jun 5 13:58:02 vpn kernel: NET: Registered protocol family 17
Jun 5 13:58:02 vpn kernel: Registering block device major 8
Jun 5 13:58:02 vpn kernel: kjournald starting. Commit interval 5 seconds
Jun 5 13:58:02 vpn kernel: EXT3-fs: mounted filesystem with ordered data
mode.
Jun 5 13:58:02 vpn kernel: NET: Registered protocol family 10
Jun 5 13:58:02 vpn kernel: lo: Disabled Privacy Extensions
Jun 5 13:58:02 vpn kernel: IPv6 over IPv4 tunneling driver
Jun 5 13:58:02 vpn kernel: pnp: the driver 'parport_pc' has been registered
Jun 5 13:58:02 vpn kernel: lp: driver loaded but no devices found
Jun 5 13:58:02 vpn kernel: Adding 999416k swap on /dev/sda2. Priority:-1
extents:1 across:999416k
Jun 5 13:58:02 vpn kernel: EXT3 FS on sda1, internal journal
Jun 5 13:58:02 vpn kernel: device-mapper: 4.5.0-ioctl (2005-10-04)
initialised: dm-devel at redhat.com
Jun 5 13:58:02 vpn kernel: NET: Registered protocol family 15
Jun 5 13:58:02 vpn kernel: Initializing IPsec netlink socket
Jun 5 13:58:02 vpn ipsec__plutorun: 029 "centralbw_50_to_branch_40": cannot
initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Jun 5 13:58:02 vpn ipsec__plutorun: ...could not start conn
"centralbw_50_to_branch_40"
Jun 5 13:58:03 vpn kernel: eth0: no IPv6 routers present
Jun 5 13:58:03 vpn ipsec_setup: Openswan IPsec apparently already running,
start aborted
Jun 5 13:58:03 vpn /usr/sbin/cron[1554]: (CRON) INFO (pidfile fd = 3)
Jun 5 13:58:03 vpn /usr/sbin/cron[1555]: (CRON) STARTUP (fork ok)
Jun 5 13:58:03 vpn /usr/sbin/cron[1555]: (CRON) INFO (Running @reboot jobs)
Hector
-----Mensaje original-----
De: Peter McGill [mailto:petermcgill at goco.net]
Enviado el: Martes, 05 de Junio de 2007 12:55 p.m.
Para: 'IT Dept.'
CC: users at openswan.org
Asunto: RE: [Openswan Users] Subnets conmunication?
> -----Original Message-----
> From: IT Dept. [mailto:it at technovation.com.sv]
> Sent: June 5, 2007 2:43 PM
> To: petermcgill at goco.net
> Cc: users at openswan.org
> Subject: RE: [Openswan Users] Subnets conmunication?
>
> root at vpn:~# ipsec version
> Linux Openswan U2.4.4/K2.6.16.29-xen (netkey)
> See `ipsec --copyright' for copyright information.
> root at vpn:~#
>
> root at vpn:~# ipsec verify
> Checking your system to see if IPsec got installed and
> started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.4.4/K2.6.16.29-xen (netkey)
> Checking for IPsec support in kernel [OK]
> Checking for RSA private key (/etc/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing [N/A]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
> Checking for 'setkey' command for NETKEY IPsec stack support [OK]
> Opportunistic Encryption Support
> [DISABLED]
> root at vpn:~#
>
> root at vpn:~# ipsec eroute
> /usr/lib/ipsec/eroute: NETKEY does not support eroute table.
> root at vpn:~#
The above look ok, we don't need eroute it's just a easy way to check
Tunnel status. But I will need some log info to determine where error is.
egrep -e 'pluto' /var/log/*
Filter by date/time to only get the recent restart and connections.
> Ill be wait for your help....my boss wanna hang me...LOL
>
> Regards
>
> Hector
>
> -----Mensaje original-----
> De: Peter McGill [mailto:petermcgill at goco.net]
> Enviado el: Martes, 05 de Junio de 2007 12:37 p.m.
> Para: 'IT Dept.'
> CC: users at openswan.org
> Asunto: RE: [Openswan Users] Subnets conmunication?
>
> > -----Original Message-----
> > From: IT Dept. [mailto:it at technovation.com.sv]
> > Sent: June 5, 2007 2:00 PM
> > To: petermcgill at goco.net
> > Cc: users at openswan.org
> > Subject: RE: [Openswan Users] Subnets conmunication?
> > Importance: High
> >
> > Hi again...
> >
> > Thanks for the your help....i cant get communication yet.
> >
> > Here is my last conf...im only using two branches to
> > make it more
> > simple...
> >
> > # /etc/ipsec.conf - Openswan IPsec configuration file
> > # RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
> >
> > # This file: /usr/share/doc/openswan/ipsec.conf-sample
> > #
> > # Manual: ipsec.conf.5
> >
> >
> > version 2.0 # conforms to second version of
> > ipsec.conf specification
> >
> > # basic configuration
> > config setup
> > forwardcontrol=yes
> > nat_traversal=yes
> > # plutodebug / klipsdebug = "all", "none" or a
> > combation from below:
> > # "raw crypt parsing emitting control klips pfkey natt
> > x509 private"
> > # eg:
> > # plutodebug="control parsing"
> > #
> > # Only enable klipsdebug=all if you are a developer
> > #
> > # NAT-TRAVERSAL support, see README.NAT-Traversal
> > # nat_traversal=yes
> > #
> > virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
> >
> > #Disable Opportunistic Encryption
> > include /etc/ipsec.d/examples/no_oe.conf
> >
> > conn branch_40
> > also=branch_40_shared
> > rightsubnet=192.168.40.0/24
> > auto=start
> >
> > conn centralbw_50
> > also=centralbw_50_shared
> > rightsubnet=192.168.50.0/24
> > auto=add
> >
> > conn branch_40_to_centralbw_50
> > also=branch_40_shared
> > leftsubnet=192.168.50.0/24
> > rightsubnet=192.168.40.0/24
> > auto=start
> >
> > conn centralbw_50_to_branch_40
> > also=centralbw_50_shared
> > leftsubnet=192.168.40.0/24
> > rightsubnet=192.168.50.0/24
> > auto=add
> >
> > conn branch_40_shared
> > authby=secret
> > compress=no
> > ikelifetime=240m
> > keyexchange=ike
> > keylife=60m
> > left=208.70.149.161
> > leftnexthop=208.70.149.166
> > pfs=yes
> > right=190.53.0.113
> > rightnexthop=190.53.0.1
> >
> > conn centralbw_50_shared
> > authby=secret
> > compress=no
> > ikelifetime=240m
> > keyexchange=ike
> > keylife=60m
> > left=208.70.149.161
> > leftnexthop=208.70.149.166
> > pfs=yes
> > right=%any
> >
> >
> > in auth.log I get that conn branch_40_shared starts fine, but
> > I need to
> > manually start conn centralbw_50_shared from the linksys
> > router, and them
> > the conn´s between dosent start...
>
> First off the shared conn's should never be started, they're not
> Real conn's just shared information used by other conn's.
> Also it would be easier to test with the static ip sites, rather than
> Centralbw. With centralbw linksys must initiate the
> connection for it to
> work.
>
> Show us these outputs.
> ipsec version
> ipsec verify
> ipsec eroute
>
> Lastly, restart openswan, and reconnect the linksys tunnels.
> Get the restart and connect logs by...
> egrep -e 'pluto' /var/log/*
> Filter by date/time to only get the recent restart and connections.
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.9/832 - Release Date: 04/06/2007
06:43 p.m.
More information about the Users
mailing list