[Openswan Users] Difficulties

João Kuchnier joao.kuchnier at gmail.com
Tue Jun 16 07:45:57 EDT 2009 

------- Mensagem original --------
Assunto: 	Re: [Openswan Users] Difficulties
Data: 	Mon, 15 Jun 2009 16:48:24 -0400 (EDT)
De: 	Paul Wouters <paul at xelerance.com>
Para: 	João Kuchnier <joao.kuchnier at gmail.com>
CC: 	users at openswan.org
Referências: 	<ea9aae430906150622u257bde67w109d6331fc447c38 at mail.gmail.com>
<1245077959.3991.17.camel at canyon.wittsend.com>
<ea9aae430906150938g35dc118es3dd2beefd4180fd3 at mail.gmail.com>


On Mon, 15 Jun 2009, João Kuchnier wrote:

> I think VPN is estabilshed. Openswan log:
>
> "conn1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> "conn1" #1: Main mode peer ID is ID_IPV4_ADDR: '200.xxx.xxx.xxx'
> "conn1" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> "conn1" #1: STATE_MAIN_I4: ISAKMP SA established
> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
> group=modp1024}
> "conn2" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW
> {using isakmp#1 msgid:12baf275 proposal=3DES(3)_192-MD5(1)_128
> pfsgroup=no-pfs}
> "conn1" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW
> {using isakmp#1 msgid:136cd5e6 proposal=3DES(3)_192-MD5(1)_128
> pfsgroup=no-pfs}
> "conn2" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
> "conn2" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
> {ESP=>0x076a6e29 <0xd46295eb xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none
> DPD=none}
> "conn1" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
> "conn1" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
> {ESP=>0x05f8a6d9 <0xa2b8414a xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none
> DPD=none}

Two tunnels are up?

--> Yes, I have two tunnels (two different subnets) with the same end.
Is this a problem or openswan can manage that?

>>
>>        What do you mean "it stops here"?  Does it hang or return you to the
>> command prompt?  I'm not sure what distro you're running this from but
>> you need to provide some logs from /var/log/secure.
>>
>
> The cursor stays locked... and it is still locked...

If you are on Debian and /bin/sh is linked to dash, file a bug report to Debian
or "dash". If not, then I am not sure why the shell is hanging.

--> Dispite of that, I thin the tunnels are established.

Paul

--> João

More information about the Users mailing list