[Openswan Users] what am I missing.... reward for the one who can help me out!

Sven J. van Rooij sven at digitalcarmel.net
Tue May 19 18:10:52 EDT 2009 

I upgraded my Openswan to 2.4.14, Clark Connect Box....

 

I get my tunnel, but I can't ping the host on the other side????

 

It must be something really silly!

 

 

May 19 15:08:27 firewall ipsec__plutorun: Unknown default RSA hostkey
scheme, not generating a default hostkey

May 19 15:08:27 firewall ipsec__plutorun: Starting Pluto subsystem...

May 19 15:08:27 firewall pluto[3081]: Starting Pluto (Openswan Version
2.4.14 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZRk_LhnSNc)

May 19 15:08:27 firewall pluto[3081]: Setting NAT-Traversal port-4500
floating to off

May 19 15:08:27 firewall pluto[3081]: port floating activation criteria
nat_t=0/port_fload=1

May 19 15:08:27 firewall pluto[3081]: including NAT-Traversal patch
(Version 0.6c) [disabled]

May 19 15:08:27 firewall pluto[3081]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)

May 19 15:08:27 firewall pluto[3081]: starting up 1 cryptographic
helpers

May 19 15:08:27 firewall pluto[3081]: started helper pid=3089 (fd:6)

May 19 15:08:27 firewall pluto[3081]: Using NETKEY IPsec interface code
on 2.6.18-93.cc4

May 19 15:08:28 firewall pluto[3081]: Changing to directory
'/etc/ipsec.d/cacerts'

May 19 15:08:28 firewall pluto[3081]: Changing to directory
'/etc/ipsec.d/aacerts'

May 19 15:08:28 firewall pluto[3081]: Changing to directory
'/etc/ipsec.d/ocspcerts'

May 19 15:08:28 firewall pluto[3081]: Changing to directory
'/etc/ipsec.d/crls'

May 19 15:08:28 firewall pluto[3081]: Warning: empty directory

May 19 15:08:28 firewall pluto[3081]: loading secrets from
"/etc/ipsec.secrets"

May 19 15:08:28 firewall pluto[3081]: loading secrets from
"/etc/ipsec.CCC.secrets"

May 19 15:08:28 firewall pluto[3081]: loading secrets from
"/etc/ipsec.CHOMP.secrets"

May 19 15:08:28 firewall pluto[3081]: added connection description "CCC"

May 19 15:08:28 firewall pluto[3081]: listening for IKE messages

May 19 15:08:28 firewall pluto[3081]: adding interface eth3/eth3
12.54.126.107:500

May 19 15:08:28 firewall pluto[3081]: adding interface eth2/eth2
10.0.0.1:500

May 19 15:08:28 firewall pluto[3081]: adding interface eth1/eth1
192.168.112.1:500

May 19 15:08:28 firewall pluto[3081]: adding interface eth0/eth0
12.54.126.106:500

May 19 15:08:28 firewall pluto[3081]: adding interface lo/lo
127.0.0.1:500

May 19 15:08:28 firewall pluto[3081]: adding interface lo/lo ::1:500

May 19 15:08:28 firewall pluto[3081]: forgetting secrets

May 19 15:08:28 firewall pluto[3081]: loading secrets from
"/etc/ipsec.secrets"

May 19 15:08:28 firewall pluto[3081]: loading secrets from
"/etc/ipsec.CCC.secrets"

May 19 15:08:28 firewall pluto[3081]: loading secrets from
"/etc/ipsec.CHOMP.secrets"

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: initiating Main Mode

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: ignoring unknown Vendor
ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd84510000000000000000]

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: received Vendor ID
payload [Dead Peer Detection]

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: ignoring Vendor ID
payload [HeartBeat Notify 386b0100]

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: transition from state
STATE_MAIN_I1 to state STATE_MAIN_I2

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: STATE_MAIN_I2: sent MI2,
expecting MR2

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: I did not send a
certificate because I do not have one.

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: transition from state
STATE_MAIN_I2 to state STATE_MAIN_I3

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: STATE_MAIN_I3: sent MI3,
expecting MR3

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: Main mode peer ID is
ID_IPV4_ADDR: '206.71.166.194'

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: transition from state
STATE_MAIN_I3 to state STATE_MAIN_I4

May 19 15:08:28 firewall pluto[3081]: "CCC" #1: STATE_MAIN_I4: ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_sha group=modp1024}

May 19 15:08:28 firewall pluto[3081]: "CCC" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}

May 19 15:08:28 firewall pluto[3081]: "CCC" #2: ignoring informational
payload, type IPSEC_RESPONDER_LIFETIME

May 19 15:08:28 firewall pluto[3081]: "CCC" #2: transition from state
STATE_QUICK_I1 to state STATE_Q

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090519/ce02bc5a/attachment.html

More information about the Users mailing list