[Openswan Users] Upgrading ClarkConnect from v4.3 to 5.0 gives errors in Openswan
Nick Howitt
n1ck.h0w1tt at gmail.com
Sun Jul 26 03:28:11 EDT 2009
Hi,
I have just upgraded my O/S from ClarkConnect CE 4.3 to 5.0 (based on
CentOS 5.3). I also upgraded the supplied Openswan from 2.6.14 to
2.6.22, and now I get a bunch of errors and a couple of key values do
not work. I did have 2.6.22 running under CC 4.3 with no errors.
I get the same errors with the supplied 2.6.14 and 2.6.22.
When I start ipsec, in /var/log/secure I get:
Jul 26 07:59:41 server pluto[21391]: Using Linux 2.6 IPsec interface code on 2.6.18-128.2.16.v5 (experimental code)
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jul 26 07:59:42 server pluto[21391]: ike_alg_add(): ERROR: Algorithm already exists
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jul 26 07:59:42 server pluto[21391]: ike_alg_add(): ERROR: Algorithm already exists
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jul 26 07:59:42 server pluto[21391]: ike_alg_add(): ERROR: Algorithm already exists
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jul 26 07:59:42 server pluto[21391]: ike_alg_add(): ERROR: Algorithm already exists
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jul 26 07:59:42 server pluto[21391]: ike_alg_add(): ERROR: Algorithm already exists
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Also, if I have left=%defaultroute in my default conn I get the
following in /var/log/messages:
Jul 26 08:11:09 server ipsec__plutorun: 022 connection must specify host IP address for our side
Jul 26 08:11:09 server ipsec__plutorun: 037 attempt to load incomplete connection
Jul 26 08:11:09 server ipsec__plutorun: 022 connection must specify host IP address for our side
Jul 26 08:11:09 server ipsec__plutorun: 037 attempt to load incomplete connection
Jul 26 08:11:10 server ipsec__plutorun: 021 no connection named "MumOut"
Jul 26 08:11:10 server ipsec__plutorun: 000 initiating all conns with alias='MumOut'
Jul 26 08:11:10 server ipsec__plutorun: 021 no connection named "MumOut"
MumOut is in its own conf file.
and also in /var/log/messages:
Jul 26 08:15:54 server ipsec__plutorun: 022 connection must specify host IP address for our side
Jul 26 08:15:54 server ipsec__plutorun: 037 attempt to load incomplete connection
Jul 26 08:15:54 server ipsec__plutorun: 022 connection must specify host IP address for our side
Jul 26 08:15:54 server ipsec__plutorun: 037 attempt to load incomplete connection
Jul 26 08:15:54 server ipsec__plutorun: 021 no connection named "MumOut"
Jul 26 08:15:54 server ipsec__plutorun: 000 initiating all conns with alias='MumOut'
Jul 26 08:15:54 server ipsec__plutorun: 021 no connection named "MumOut"
With left=%defaultroute in my default conn and right=%any in conn Mark
(in ipsec.conf) in /var/log/secure I get:
Jul 26 08:15:54 server pluto[23198]: connection must specify host IP address for our side
Jul 26 08:15:54 server pluto[23198]: attempt to load incomplete connection
Jul 26 08:15:54 server pluto[23198]: connection must specify host IP address for our side
Jul 26 08:15:54 server pluto[23198]: attempt to load incomplete connection
and in /var/log/messages I get:
Jul 26 08:15:54 server ipsec__plutorun: 022 connection must specify host IP address for our side
Jul 26 08:15:54 server ipsec__plutorun: 037 attempt to load incomplete connection
Jul 26 08:15:54 server ipsec__plutorun: 022 connection must specify host IP address for our side
Jul 26 08:15:54 server ipsec__plutorun: 037 attempt to load incomplete connection
Jul 26 08:15:54 server ipsec__plutorun: 021 no connection named "MumOut"
Jul 26 08:15:54 server ipsec__plutorun: 000 initiating all conns with alias='MumOut'
Jul 26 08:15:54 server ipsec__plutorun: 021 no connection named "MumOut"
but both tunnels fail. There is something very odd as the same setup
used to work in CC4.3 and 2.6.22. It looks like something in CC5 is
broken so it cannot find %defaultroute or %any. FQDNs work OK.
Please can you help. The %any is especially important as it takes
roadwarrior FQDNs a long time to propagate through the Dynamic DNS system.
Thanks,
Nick
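
An added triage example, not part of the original post and not Openswan code: it takes syslog entries like those quoted above, rejoins any lines a mail client wrapped, counts each distinct message per program, and labels negative `ret` values with their errno name. The function names are this example's own, and it assumes pluto's `ret` values are negated Linux errno numbers, which the post does not state.

```python
import errno
import re
from collections import Counter

# Excerpt of the log lines in the post, wrapped at mail width (constructed sample).
SAMPLE = """\
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): Activating
<NULL>: Ok (ret=0)
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jul 26 07:59:42 server pluto[21391]: ike_alg_add(): ERROR: Algorithm
already exists
Jul 26 07:59:42 server pluto[21391]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)
Jul 26 08:11:09 server ipsec__plutorun: 022 connection must specify host
IP address for our side
Jul 26 08:11:09 server ipsec__plutorun: 037 attempt to load incomplete
connection
Jul 26 08:11:10 server ipsec__plutorun: 021 no connection named "MumOut"
"""

# Groups: 1 = host, 2 = program (PID dropped), 3 = message text.
ENTRY = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ([^\s:\[]+)(?:\[\d+\])?: (.*)$")
RET = re.compile(r"\(ret=-(\d+)\)")  # assumption: ret=-N is a negated errno value

def unwrap(text):
    """Join continuation lines (no syslog timestamp) onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarise(text):
    """Count distinct (program, message) pairs, ignoring timestamp, host and PID."""
    counts = Counter()
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        msg = RET.sub(lambda r: f"(ret=-{r[1]} {errno.errorcode.get(int(r[1]), '?')})", m[3])
        counts[(m[2], msg)] += 1
    return counts

if __name__ == "__main__":
    for (prog, msg), n in summarise(SAMPLE).most_common():
        print(f"{n:3d}  {prog}: {msg}")
```

Run against the full /var/log/secure and /var/log/messages files, the same summary separates the repeated algorithm-registration messages from the connection-loading failures.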