[Openswan Users] Configuration question

Douglas Caro douglas.caro at lightcomm.com.br
Fri Aug 27 13:47:22 EDT 2010


Hello Paul, thanks for the help.

I have already looked at the auth log, and the last lines are:

Aug 27 14:30:01 eolo pluto[5453]: | sending 84 bytes for delete notify through eth0:500 to [CompanyIP]:
Aug 27 14:30:01 eolo pluto[5453]: |   19 aa 5d 6d  3a bd ba e4  5a 17 03 97  77 ea 8b 0a
Aug 27 14:30:01 eolo pluto[5453]: |   08 10 05 01  34 86 73 c4  00 00 00 54  ae 21 16 d6
Aug 27 14:30:01 eolo pluto[5453]: |   7e b6 79 52  c8 89 6c 64  52 78 34 38  1b 2e 05 e3
Aug 27 14:30:01 eolo pluto[5453]: |   17 ca d1 d1  7a 89 f4 44  82 b7 7d b1  95 96 7d f4
Aug 27 14:30:01 eolo pluto[5453]: |   a6 04 5a 50  c1 03 6b 65  28 af 5f db  65 bd 6b 4a
Aug 27 14:30:01 eolo pluto[5453]: |   06 50 51 7b
Aug 27 14:30:01 eolo pluto[5453]: | no suspended cryptographic state for 1
Aug 27 14:30:01 eolo pluto[5453]: | del:  19 aa 5d 6d  3a bd ba e4  5a 17 03 97  77 ea 8b 0a
Aug 27 14:30:01 eolo pluto[5453]: packet from [CompanyIP]:500: received and ignored informational message
Aug 27 14:30:01 eolo pluto[5453]: | complete state transition with STF_IGNORE
Aug 27 14:30:01 eolo pluto[5453]: | next event EVENT_RETRANSMIT in 10 seconds for #2

After this, there are only stop command messages!

The company says I'm making requests for the entire network, but I can
only make them for one IP, as follows:

Aug 27 10:47:31 vpnbuecos %ASA-7-713222: Group = [MyIP], IP = [MyIP], Static Crypto Map check, map = outside_map, seq = 58, ACL does not match proxy IDs src:192.168.5.0 dst:10.0.0.0

The company also gave me a list of encrypted domains, as follows:

Encrypted Domain

10.65.72.129
10.75.253.31
10.69.72.63
10.75.253.30
10.75.248.44
10.75.248.52
172.30.3.70

Does anyone know what this is about and how I should configure my Openswan?

Thanks so much!

Douglas


Paul Wouters wrote:
> On Fri, 27 Aug 2010, Douglas Caro wrote:
>
>> conn CompanyName
>>        auto=start
>>        left=192.168.5.26
>>        leftid=ValidIP
>>        leftnexthop=192.168.5.1
>>        leftsubnet=192.168.5.0/24
>>        right=CompanyIP
>>        rightsubnet=10.0.0.0/8
>>        authby=secret
>>        pfs=yes
>>        type=tunnel
>>
>> ================
>>
>> In the syslog, I have:
>>
>> kernel: NET: Unregistered protocol family 15
>> ipsec_setup: ...Openswan IPsec stopped
>> ipsec_setup: Stopping Openswan IPsec...
>> kernel: NET: Registered protocol family 15
>> kernel: padlock: VIA PadLock not detected.
>> kernel: Initializing IPsec netlink socket
>> ipsec_setup: NETKEY on eth0 192.168.5.26/255.255.255.128 broadcast 192.168.5.127
>> ipsec_setup: ...Openswan IPsec started
>> ipsec_setup: Starting Openswan IPsec 2.4.12...
>> ipsec__plutorun: 104 "CompanyName" #1: STATE_MAIN_I1: initiate
>> ipsec__plutorun: ...could not start conn "CompanyName"
>
> These are not the actual logs, just the startup logs. Look for log
> entries with "pluto" in them. Usually /var/log/secure or /var/log/auth*
>
> Paul
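
An added diagnostic example, not part of the original thread: it reads the rejected proxy IDs out of the ASA line quoted above and compares the conn's rightsubnet with the "Encrypted Domain" list. All values are copied from the post; treating each listed address as a single host (/32) is an assumption, since the post gives no masks.

```python
import ipaddress
import re

# Values copied from the post above.
ASA_LINE = ("Aug 27 10:47:31 vpnbuecos %ASA-7-713222: Group = [MyIP], IP = [MyIP], "
            "Static Crypto Map check, map = outside_map, seq = 58, ACL does not match "
            "proxy IDs src:192.168.5.0 dst:10.0.0.0")
CONN = {"leftsubnet": "192.168.5.0/24", "rightsubnet": "10.0.0.0/8"}
ENCRYPTED_DOMAIN = ["10.65.72.129", "10.75.253.31", "10.69.72.63", "10.75.253.30",
                    "10.75.248.44", "10.75.248.52", "172.30.3.70"]

PROXY_RE = re.compile(r"proxy IDs src:(\S+) dst:(\S+)")


def rejected_proxy_ids(line):
    """Return (src, dst) network addresses from an ASA 713222 line, or None."""
    m = PROXY_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


def rejection_matches_conn(line, conn):
    """True if the rejected proxy IDs are the subnets this conn proposes."""
    ids = rejected_proxy_ids(line)
    if ids is None:
        return False
    left = ipaddress.ip_network(conn["leftsubnet"])
    right = ipaddress.ip_network(conn["rightsubnet"])
    return ids == (str(left.network_address), str(right.network_address))


def compare_selectors(conn, domain):
    """Compare the proposed remote selector with the peer's listed addresses."""
    right = ipaddress.ip_network(conn["rightsubnet"])
    # Assumption: a bare address in the list means one host, i.e. a /32.
    hosts = [ipaddress.ip_network(h) for h in domain]
    return {
        "exact_match": right in hosts,
        "inside_proposal": [str(h) for h in hosts if h.subnet_of(right)],
        "outside_proposal": [str(h) for h in hosts if not h.subnet_of(right)],
        "proposed_addresses": right.num_addresses,
        "listed_addresses": sum(h.num_addresses for h in hosts),
    }


if __name__ == "__main__":
    print("rejected proxy IDs:", rejected_proxy_ids(ASA_LINE))
    print("rejection is for this conn:", rejection_matches_conn(ASA_LINE, CONN))
    for key, value in compare_selectors(CONN, ENCRYPTED_DOMAIN).items():
        print(f"{key}: {value}")
```

The output shows the conn proposing all of 10.0.0.0/8 while the list names seven individual addresses, one of which (172.30.3.70) is not inside 10.0.0.0/8 at all.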


