[Openswan Users] openswan VPN problems
Ni Wenjuan
niwj at cn.fujitsu.com
Wed Jul 29 21:28:42 EDT 2009
Paul Wouters 写道:
> On Wed, 29 Jul 2009, Ni Wenjuan wrote:
>
>> hi, I encounter some problems when I using openswan-2.6.31 to
>> configure a VPN.
>>
>> Fist , when I start ipsec service with the command "ipsec setup
>> start", the
>> information " padlock: VIA padlock not detected" shows on the screen.
>>
>> Second, when I do "ipsec auto --up vpn " it just shows the following
>> information
>>
>> 104 "net-to-net" #1: STATE_MAIN_I1: initiate
>> 003 "net-to-net" #1: received Vendor ID payload [Openswan (this
>> version) 2.6.21]
>> 003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
>> 003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set
>> to=109
>>
>> and after a few secods the information "padlock: VIA padlock not
>> detected"
>> appears again.
>
if we do "ipsec auto --up vpn " successfully ,after STATE_MAIN_I1, it will do
STATE_MAIN_I2,STATE_MAIN_I3,STATE_MAIN_I4.... why it just does STATE_MAIN_I1
here? Does PADLOCK have something to do with this problem?
> That message only appears on startup when modprobe'ing modules. This
> means your openswan is crashing and restarting. I suggest you add
>
> dumpdir=/var/run/pluto
> ipsecrestartoncrash=false
>
> to "config setup" in ipsec.conf, and debug what's going on with the pluto
> core dump in /var/run/pluto. (you might need to change ulimit settings or
> sysctl settings to allow core dumps)
>
When I add ipsecrestartoncrash=false to "config setup " , it shows unexpected
String [ipsecrestartoncrash].
thanks
Wenjian Ni
More information about the Users
mailing list