[Openswan Users] ARM error--firewall_notified: false

李正光 xjklee at gmail.com
Wed Oct 3 12:49:05 EDT 2007


Dear all,
I installed Openswan 2.4.9 on ARM Linux 2.4.19.
My config file is as follows:

config setup
 klipsdebug=all
 plutodebug=all
 nat_traversal=yes
 interfaces="%defaultroute"

include /etc/ipsec.d/examples/no_oe.conf

conn net-to-net
 left=%defaultroute
 leftsubnet=192.168.0.0/24
 leftnexthop=%defaultroute
 leftcert=/etc/ipsec.d/mycert2.pem
 leftrsasigkey=%cert
 right=211.78.84.93
 rightsubnet=10.2.111.0/24
 rightid="@SSG550.sti.com.tw"
 rightnexthop=%defaultroute
 auto=add
 pfs=no

The error message started:

------------------------------------------------------------------------------------------------------------------------------
pluto[2176]: | command executing up-client

pluto[2176]: |   trusted_ca called with a=C=TW, ST=Taiwan, L=Taipei,
O=Dawningtech, OU=Support, CN=Dawningtech b=(empty)

pluto[2176]: | executing up-client: 2>&1 PLUTO_VERSION='1.1'
PLUTO_VERB='up-client' PLUTO_CONNECTION='net-to-net' PLUTO_NEXT_HOP='
192.168.0.1' PLUTO_INTERFACE='ipsec0' PLUTO_ME='192.168.0.200'
PLUTO_MY_ID='C=TW, ST=Taiwan, L=Taipei, O=Dawningtech, OU=Support, CN=IPSEC'
PLUTO_MY_CLIENT='192.168.0.0/24' PLUTO_MY_CLIENT_NET='192.168.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0'
PLUTO_PEER='211.78.84.93' PLUTO_PEER_ID='@SSG550.sti.com.tw'PLUTO_PEER_CLIENT='
10.2.111.0/24' PLUTO_PEER_CLIENT_NET='10.2.111.0' PLUTO_PEER_CLIENT_MASK='
255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0'
PLUTO_PEER_CA='C=TW, ST=Taiwan, L=Taipei, O=Dawningtech, OU=Support,
CN=Dawningtech' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+UP'   ipsec _updown

pluto[2176]: "net-to-net" #2: up-client output: ip: an inet address is
expected rather than "cache".

pluto[2176]: "net-to-net" #2: up-client command exited with status 1

pluto[2176]: | route_and_eroute: firewall_notified: false

pluto[2176]: | eroute_connection delete eroute 192.168.0.0/24:0 --0->
10.2.111.0/24:0 => tun.1002 at 211.78.84.93 (raw_eroute)

..............................................


003 "net-to-net" #2: discarding duplicate packet; already STATE_QUICK_I1
pluto[2176]: | next event EVENT_RETRANSMIT in 39 seconds for #2

----------------------------------------------------------------------------------------------------------------------------------

After debugging, I found that this problem happens because of the "ip route flush cache" command in uprule() of the /usr/local/lib/ipsec/_updown file.

On my ARM box, there is no "ip route flush cache" command to execute, so the security tunnel can't be set up completely.



Can anyone give me direction to solve the problem?

Thanks
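
A tolerant version of the flush step the post identifies, as an added example that is not part of the original message or of Openswan's own _updown script: it tries `ip route flush cache`, falls back to the kernel's `/proc/sys/net/ipv4/route/flush` trigger, and otherwise skips the flush so that up-client does not exit with status 1. The function names and the `ROUTE_FLUSH_PROC` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not Openswan code. Assumption: the only failing step in
# uprule() is the cache flush, as the post reports.

# Hypothetical override so the /proc fallback can be pointed at a test file.
ROUTE_FLUSH_PROC=${ROUTE_FLUSH_PROC:-/proc/sys/net/ipv4/route/flush}

# Behaviour described in the post: the bare command's exit status becomes
# the status of the whole up-client run.
naive_flush() {
    ip route flush cache
}

# Tolerant variant: always returns 0 and prints which path was taken.
flush_route_cache() {
    # 1. Preferred: the iproute2 command. Output is captured so that the
    #    error text from a reduced "ip" can be reported with context.
    if out=$(ip route flush cache 2>&1); then
        echo "flushed: ip"
        return 0
    fi
    # 2. Fallback: writing any value to the kernel's route flush trigger
    #    flushes the routing cache.
    if [ -w "$ROUTE_FLUSH_PROC" ] && echo 1 2>/dev/null > "$ROUTE_FLUSH_PROC"; then
        echo "flushed: proc"
        return 0
    fi
    # 3. Neither path works: record why, but do not fail the updown run
    #    over a cache flush.
    echo "skipped: $out"
    return 0
}
```

Only the cache flush is made non-fatal here; a failure to install the route itself should still stop the script, since the tunnel would carry no traffic without it.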