[Openswan Users] 2.6.23 vs kernel 2.6.29 - ipsec not exit
Paul Wouters
paul at xelerance.com
Wed Oct 7 16:08:30 EDT 2009
On Wed, 7 Oct 2009, Szél Gábor wrote:
> i use ipsec setup --showonly start / stop
> and copy this output the bash script. If i use this script then ipsec
> starting normaly (ipsec setup --status not working)
What happens?
>> I have a problem, i want use openswan 2.6.23 on Ubuntu 9.04 X64 Server.
>> I download openswan source, and make ipsec module (if i compille module,
>> and make ipsec programs, i use: export KLIPSCOMPILE="-m64
>> -mno-red-zones", export USER_COMPILE="-m64".
-mno-red-zones is only for (old?) AMD CPU's. I would stick with the defaults
for KLIPSCOMPILE and USER_COMPILE.
>> Oct 7 13:02:07 BeLa ipsec__plutorun: 104 "xxx" #1: STATE_MAIN_I1: initiate
>> Oct 7 13:02:07 BeLa ipsec__plutorun: 104 "xxx" #2: STATE_MAIN_I1: initiate
>> Oct 7 13:02:07 BeLa ipsec__plutorun: 104 "xxx" #3: STATE_MAIN_I1: initiate
>> Oct 7 13:02:07 BeLa ipsec__plutorun: 104 "xxx" #4: STATE_MAIN_I1: initiate
Are you firewalling on the machine (or the other remote endpoint?)
>> has /var/run/pluto/ipsec.info file!
>> An normal Pluto is active?
>> some (5) eroutes exist!
That's odd, what does "ipsec eroute" say. Looks like it worked at some
point if you have this.
>> # ------------------------------------
>> # basic configuration
>> config setup
>> interfaces="ipsec0=eth0"
>> #plutoload=%search
>> #plutostart=%search
>> uniqueids=yes
>>
>> # ------------------
>> nat_traversal=no
>> oe=off
>> protostack=klips
>> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
You cannot have empty lines in a section, so this has caused these 4 options
to be ignored. This probably caused oe=on, which is causing your problems.
>> # ---- logs -----
>>
>> # --- debug ------
>> plutodebug=all
>> klipsdebug=none
>> plutostderrlog=/tmp/pluto.log
These were also ignored.
Paul
More information about the Users
mailing list