[Openswan Users] Lack of Logs

Karl Page karl.page at gmail.com
Sun Feb 7 17:05:55 EST 2010 

Im pretty new to openswan, running it on Ubuntu 9.10 the logs that I'm
looking at dont appear to be nearly detailed enough, I must be missing
something. Basically the IPSEC vpn i'm setting up and testing is failing and
the logs im looking at aren't explicit enough, looking at syslogs, and
auth.log (attached), IPSEC.conf included which looks fine to me. I did see a
post about another set of logs under a directory called "secure" hoping to
see loads of the IPSEC but cant find one Also looked in the folder called
PLUTO, expecting a full log for that host address  as per

plutodebug="all" &
plutoopts="--perpeerlog"

 and nothing!

Anyway, HELP!

Cheers

Karl
London, Uk

CONFIG:

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $

# This file:  /usr/share/doc/openswan/ipsec.
conf-sample
#
# Manual:     ipsec.conf.5


version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Do not set debug options to debug configuration issues!
    interfaces="%defaultroute "
    plutodebug="all"
    klipsdebug="all"
    # plutodebug / klipsdebug = "none", "none" or a combation from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    #
    # enable to get logs per-peer
    plutoopts="--perpeerlog"
    #
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:
10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%4:!192.168.1.0/255.255.255.0<http://10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%4%3A%21192.168.1.0/255.255.255.0>
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=auto
    uniqueids=yes


conn %default
    keyingtries=0
    disablearrivalcheck=no


conn secnet
    left=192.168.15.120
    leftnexthop=%defaultroute
    leftsubnet=192.168.1.0/255.255.255.0
    right=172.16.1.1
    ike=aes256-md5-modp1024!
    esp=aes256-md5!
    phase2=ESP
    ikelifetime=1h
    keylife=8h
    aggrmode=yes
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    pfs=yes
    authby=secret
    auto=add

auth.log attached
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100207/9b822ceb/attachment.html

More information about the Users mailing list