[Openswan Users] openswan VPN problems

Ni Wenjuan niwj at cn.fujitsu.com
Wed Jul 29 21:28:42 EDT 2009


Paul Wouters 写道:
> On Wed, 29 Jul 2009, Ni Wenjuan wrote:
> 
>> hi, I encounter some problems when I using openswan-2.6.31 to 
>> configure a VPN.
>>
>> Fist , when I start ipsec service with the command "ipsec setup 
>> start", the
>> information " padlock: VIA padlock not detected" shows on the screen.
>>
>> Second, when I do "ipsec auto --up vpn " it just shows the following 
>> information
>>
>> 104 "net-to-net" #1: STATE_MAIN_I1: initiate
>> 003 "net-to-net" #1: received Vendor ID payload [Openswan (this 
>> version) 2.6.21]
>> 003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
>> 003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set 
>> to=109
>>
>> and after a few secods the information "padlock: VIA padlock not 
>> detected"
>> appears again.
> 

if we do "ipsec auto --up vpn " successfully ,after STATE_MAIN_I1, it will do 

STATE_MAIN_I2,STATE_MAIN_I3,STATE_MAIN_I4.... why it just does STATE_MAIN_I1 
here? Does PADLOCK have something to do with this problem?


> That message only appears on startup when modprobe'ing modules. This
> means your openswan is crashing and restarting. I suggest you add
> 
> dumpdir=/var/run/pluto
> ipsecrestartoncrash=false
> 
> to "config setup" in ipsec.conf, and debug what's going on with the pluto
> core dump in /var/run/pluto. (you might need to change ulimit settings or
> sysctl settings to allow core dumps)
> 

  When I add ipsecrestartoncrash=false to "config setup " , it shows unexpected 
String [ipsecrestartoncrash].

thanks

Wenjian Ni



More information about the Users mailing list