[Openswan Users] (no subject)

coffee coffee_ccc at 163.com
Wed Nov 7 22:20:54 EST 2007 

Hi,all
        I've found log file in debian  -- /var/log/auth.log . I start pluto with 'ipsec pluto ' as 'ipsec verify' has some failed . Look at the output info

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan U2.4.6/K2.6.18-4-686 (netkey)
Checking for IPsec support in kernel                        	[OK]
NETKEY detected, testing for disabled ICMP send_redirects   	[OK]
NETKEY detected, testing for disabled ICMP accept_redirects 	[OK]
Checking for RSA private key (/etc/ipsec.secrets)           	[OK]
Checking that pluto is running                              	[OK]
Two or more interfaces found, checking IP forwarding        	[OK]
Checking NAT and MASQUERADEing                              	[N/A]
Checking for 'ip' command                                   	[OK]
Checking for 'iptables' command                             	[OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: debian              	[MISSING]
  debian TXT record not found, server failure
   Does the machine have at least one non-private address?  	[FAILED]

and should I need run 'ipsec pluto' or other commands?

  
And  in the log file  there are some info  following :

Nov  7 21:10:00 debian pluto[2756]: Setting NAT-Traversal port-4500 floating to off
Nov  7 21:10:00 debian pluto[2756]:    port floating activation criteria nat_t=0/port_fload=1
Nov  7 21:10:00 debian pluto[2756]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Nov  7 21:10:00 debian pluto[2756]: WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of random
Nov  7 21:10:00 debian pluto[2756]: WARNING: Using /dev/urandom as the source of random
Nov  7 21:10:00 debian pluto[2756]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Nov  7 21:10:00 debian pluto[2756]: starting up 1 cryptographic helpers
Nov  7 21:10:00 debian pluto[2757]: WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of random
Nov  7 21:10:00 debian pluto[2757]: WARNING: Using /dev/urandom as the source of random
Nov  7 21:10:00 debian pluto[2756]: started helper pid=2757 (fd:6)
Nov  7 21:10:00 debian pluto[2756]: Using Linux 2.6 IPsec interface code on 2.6.18-4-686
Nov  7 21:10:00 debian pluto[2756]: Changing to directory '/etc/ipsec.d/cacerts'
Nov  7 21:10:00 debian pluto[2756]: Changing to directory '/etc/ipsec.d/aacerts'
Nov  7 21:10:00 debian pluto[2756]: Changing to directory '/etc/ipsec.d/ocspcerts'
Nov  7 21:10:00 debian pluto[2756]: Changing to directory '/etc/ipsec.d/crls'
Nov  7 21:10:00 debian pluto[2756]:   Warning: empty directory

	What's wrong?   As the webpage's instruction, there is not a command to run ipsec -- conn L2TP-PSK I mean.
    It's only modify ipsec.conf and ipsec.secret .Yes I do follow it.
    Is that all ?
	
	

Thanks
 				

coffee

More information about the Users mailing list