[Openswan Users] IPSEC Tunnel To NETASQ
Luc MAIGNAN
luc.maignan at winxpert.com
Mon Dec 20 06:29:49 EST 2010
" ipsec auto --up ses " gives :
ipsec auto --up ses
104 "ses" #4: STATE_MAIN_I1: initiate
010 "ses" #4: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "ses" #4: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "ses" #4: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "ses" #4: STATE_MAIN_I1: retransmission; will wait 40s for response
010 "ses" #4: STATE_MAIN_I1: retransmission; will wait 40s for response
"ipsec verify" gives:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.31/K2.6.35.9-64.fc14.x86_64 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
Le 20/12/10 12:21, Paul Wouters a écrit :
> On Mon, 20 Dec 2010, Luc MAIGNAN wrote:
>
>> Yes, your tip succeeded to remove my error message !!!
>>
>> But unfortunaly, the connection isn't yet up.
>>
>> It looks like I fall in timeout during phase 2.
>
> check /var/log/secure or /var/log/auth* for log messages?
>
> Or show the output of:
>
> ipsec auto --replace ses
> ipsec auto --up ses
>
> you might also want to check your system with:
>
> ipsec verify
>
> Paul
More information about the Users
mailing list