[Openswan Users] openswan VPN problems

Paul Wouters paul at xelerance.com
Wed Jul 29 23:37:42 EDT 2009


On Thu, 30 Jul 2009, Ni Wenjuan wrote:

>>> 003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
>>> 003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set 
>>> to=109
>>> 
>>> and after a few seconds the information "padlock: VIA padlock not detected"
>>> appears again.
>> 
>
> If we do "ipsec auto --up vpn" successfully, after STATE_MAIN_I1 it will do
> STATE_MAIN_I2, STATE_MAIN_I3, STATE_MAIN_I4.... Why does it just do STATE_MAIN_I1
> here? Does PADLOCK have something to do with this problem?

No, the padlock has nothing to do with this. Your openswan simply crashed and
restarted, and during the daemon startup, openswan tries to load any potential
padlock crypto module.

>> That message only appears on startup when modprobe'ing modules. This
>> means your openswan is crashing and restarting. I suggest you add
>> 
>> dumpdir=/var/run/pluto
>> ipsecrestartoncrash=false
>> 
>> to "config setup" in ipsec.conf, and debug what's going on with the pluto
>> core dump in /var/run/pluto. (you might need to change ulimit settings or
>> sysctl settings to allow core dumps)
>> 
>
> When I add ipsecrestartoncrash=false to "config setup", it shows
> unexpected String [ipsecrestartoncrash].

Sorry, that should be plutorestartoncrash=no

Note that it just prevents the restart. You will still have to investigate
the crasher.

Paul

