[Openswan Users] Openswan network to network example

Paul Wouters paul at xelerance.com
Fri Feb 13 14:56:17 EST 2009

On Fri, 13 Feb 2009, Enrique Bonet wrote:


> Using Fedora 10 (kernel and Openswan 2.4.9-2, the
> following configuration file (/etc/ipsec.conf) works correctly:

> However, using Openswan 2.6.19-1, the following example does not work
> (I have made many attempts to change parameters and this is my last
> trial):

> Running ipsec auto --up host1-host2 the command "service ipsec status"
> returns:
> Ipsec running - pluto pid: XXXX
> pluto pid XXXX
> No tunnels up

Can you tell us what "ip xfrm policy" and "ip xfrm state" say in both

> I have analyzed the network packets with Wireshark and the packet
> interchange seems to be correct (nine packets, six Identity Protection
> (Main Mode) and three Quick Mode).

Use plutodebug=all and check syslog on both ends for much more information.

Also, please try openswan 2.6.20. Fedora might not yet have packaged it up,
but you should be able to build it with their spec file. Eg:

yum install yum-utils rpm-build
yumdownloader --source openswan
rpm -ihv openswan*src.rpm
download openswan-2.6.20.tar.gz
edit /usr/src/redhat/SPECS/openswan.spec and just change the verison from
2.6.19 to 2.6.20.
(or try the spec file in openswan-2.6.20/packaging/fedora/openswan.spec,
but it will have more changes compared to your 2.6.19 rpm.


More information about the Users mailing list