[Openswan Users] Openswan doesn't starts because pluto is down
Jorge Jimenez
jorge.jimenez at pross.com
Thu Dec 24 03:25:39 EST 2009
Sorry Paul,
Copy/paste doesn't show fine. I try to send it another time.
[root at pross-mon01 log]# /etc/init.d/ipsec start
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
[root at pross-mon01 log]# grep pluto secure
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
Dec 24 10:40:21 pross-mon01 pluto[7416]: nss directory plutomain: sql:/etc/ipsec.d
Dec 24 10:40:21 pross-mon01 pluto[7416]: NSS initialization failed (err -8174)
[root at pross-mon01 log]# grep pluto messages
Dec 24 10:40:21 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 24 10:40:21 pross-mon01 ipsec_starter[7423]: connect(pluto_ctl) failed: No such file or directory
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
¡Feliz Navidad y Prospero 2010!
Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Móvil: 669 83 08 76
http://www.pross.com
-----Mensaje original-----
De: Jorge Jimenez
Enviado el: jueves, 24 de diciembre de 2009 9:22
Para: Paul Wouters
CC: users at openswan.org; Jorge Jimenez
Asunto: RE: [Openswan Users] Openswan doesn't starts because pluto is down
Hi Paul,
Here you are. When I try to start ipsec, it only writes logs in secure and messages files:
[root at pross-mon01 log]# /etc/init.d/ipsec start
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
[root at pross-mon01 log]# grep pluto secure
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
Dec 24 10:40:21 pross-mon01 pluto[7416]: nss directory plutomain: sql:/etc/ipsec.d
Dec 24 10:40:21 pross-mon01 pluto[7416]: NSS initialization failed (err -8174)
[root at pross-mon01 log]# grep pluto messages
Dec 24 10:40:21 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 24 10:40:21 pross-mon01 ipsec_starter[7423]: connect(pluto_ctl) failed: No such file or directory
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Dec 24 10:40:21 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
Thanks and kind Regards
¡Feliz Navidad y Prospero 2010!
Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Móvil: 669 83 08 76
http://www.pross.com
-----Mensaje original-----
De: Paul Wouters [mailto:paul at xelerance.com]
Enviado el: jueves, 24 de diciembre de 2009 5:39
Para: Jorge Jimenez
CC: users at openswan.org
Asunto: RE: [Openswan Users] Openswan doesn't starts because pluto is down
On Wed, 23 Dec 2009, Jorge Jimenez wrote:
> Thanks for your quickly answer!
> Sorry for my English...
> I only see in my logs what I sended... How can I increase my logs? What can I do to help you to find the problem...
Check all the logs in /var/log/*
for instance:
grep pluto /var/log/*
Paul
> Thanks and kind regards
>
>
> ¡Feliz Navidad y Prospero 2010!
>
> Jorge Jiménez Miguélez
> Avinguda Diagonal, 605 - 4ª Planta
> 08028 - Barcelona
> Tel.: 902 01 35 34 - Móvil: 669 83 08 76
> http://www.pross.com
>
>
> -----Mensaje original-----
> De: Paul Wouters [mailto:paul at xelerance.com]
> Enviado el: miércoles, 23 de diciembre de 2009 20:01
> Para: Jorge Jimenez
> CC: users at openswan.org
> Asunto: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>
> On Wed, 23 Dec 2009, Jorge Jimenez wrote:
>
>> Date: Wed, 23 Dec 2009 17:14:59 +0100
>> From: Jorge Jimenez <jorge.jimenez at pross.com>
>> Cc: Jorge Jimenez <jorge.jimenez at pross.com>
>> To: "users at openswan.org" <users at openswan.org>
>> Subject: [Openswan Users] Openswan doesn't starts because pluto is down
>
>> I’ve installed Openswan and it doesn’t work.
>
> It looks like your pluto is crashing. Please check the logs for a more detailed
> message. I don't see it below.
>
> Paul
>
>> My message log is:
>>
>>
>>
>> Dec 23 18:14:28 pross-mon01 ipsec_setup: Stopping Openswan IPsec...
>>
>> Dec 23 18:14:28 pross-mon01 kernel: NET: Unregistered protocol family 15
>>
>> Dec 23 18:14:28 pross-mon01 ipsec_setup: ...Openswan IPsec stopped
>>
>> Dec 23 18:14:32 pross-mon01 kernel: NET: Registered protocol family 15
>>
>> Dec 23 18:14:32 pross-mon01 ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>
>> Dec 23 18:14:33 pross-mon01 ipsec_setup: Using NETKEY(XFRM) stack
>>
>> Dec 23 18:14:33 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>
>> Dec 23 18:14:33 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>
>> Dec 23 18:14:33 pross-mon01 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in
>> /proc/sys/crypto/fips_enabled
>>
>> Dec 23 18:14:33 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>
>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>
>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in
>> /proc/sys/crypto/fips_enabled
>>
>> Dec 23 18:14:33 pross-mon01 ipsec_setup: ...Openswan IPsec started
>>
>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in
>> /proc/sys/crypto/fips_enabled
>>
>> Dec 23 18:14:33 pross-mon01 ipsec_starter[19297]: connect(pluto_ctl) failed: No such file or directory
>>
>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in
>> /proc/sys/crypto/fips_enabled
>>
>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>
>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>
>> Dec 23 18:14:34 pross-mon01 last message repeated 2 times
>>
>> Dec 23 18:14:34 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>
>>
>>
>> And my ipsec.conf file is:
>>
>>
>>
>> version 2.0
>>
>>
>>
>> config setup
>>
>> # Debug-logging controls:
>>
>> protostack=netkey
>>
>> #klipsdebug=none
>>
>> klipsdebug="all"
>>
>> plutodebug="all"
>>
>> #plutodebug=none
>>
>> nat_traversal=yes
>>
>> # interfaces = "ipsec0=eth0"
>>
>>
>>
>> conn iberobrico
>>
>> auto=start
>>
>> left=%defaultroute
>>
>> # leftprotoport=17/1701
>>
>> #leftsubnet=10.10.100.0/24
>>
>> right=xxx.xxx.xxx.xxx
>>
>> # rightprotoport=17/1701
>>
>> rightsubnet=172.254.100.0/24
>>
>> #rightid=%any
>>
>> keyexchange=ike
>>
>> authby=secret
>>
>> pfs=no
>>
>> rekey=yes
>>
>> keyingtries=0
>>
>> # type=transport
>>
>> esp=3des
>>
>> #auth=esp
>>
>> compress=yes
>>
>>
>>
>> Can someone help me please.
>>
>>
>>
>> Kind Regards
>>
>>
>>
>> PROSS Nevado
>>
>> ¡Feliz Navidad y Prospero 2010!
>>
>>
>>
>> Jorge Jiménez Miguélez
>>
>> Avinguda Diagonal, 605 - 4ª Planta
>> 08028 - Barcelona
>>
>> Tel.: 902 01 35 34 - Móvil: 669 83 08 76
>> http://www.pross.com
>>
>>
>>
>>
>>
>>
>>
>
>
More information about the Users
mailing list