[Openswan Users] openswan VPN problems

Paul Wouters paul at xelerance.com
Wed Jul 29 23:37:42 EDT 2009

On Thu, 30 Jul 2009, Ni Wenjuan wrote:

>>> 003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
>>> 003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set 
>>> to=109
>>> and after a few secods the information "padlock: VIA padlock not detected"
>>> appears again.
> if we do "ipsec auto --up vpn " successfully ,after STATE_MAIN_I1, it will do 
> here? Does PADLOCK have something to do with this problem?

No the padlock has nothing to do with this. Your openswan simply crashed and
restarted, and during the daemon startup, openswan tries to load any potential
padlock crypto module.

>> That message only appears on startup when modprobe'ing modules. This
>> means your openswan is crashing and restarting. I suggest you add
>> dumpdir=/var/run/pluto
>> ipsecrestartoncrash=false
>> to "config setup" in ipsec.conf, and debug what's going on with the pluto
>> core dump in /var/run/pluto. (you might need to change ulimit settings or
>> sysctl settings to allow core dumps)
> When I add ipsecrestartoncrash=false to "config setup " , it shows 
> unexpected String [ipsecrestartoncrash].

Sorry, that should be plutorestartoncrash=no

Note that it just prevents the restart. You will still have to investigate
the crasher.


More information about the Users mailing list