[Openswan Users] Openswan doesn't starts because pluto is down
Jorge Jimenez
jorge.jimenez at pross.com
Mon Jan 4 06:24:31 EST 2010
Hi Paul,
Could you help us please?
Thanks and kind regards
Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Móvil: 669 83 08 76
http://www.pross.com
________________________________________
De: Jorge Jimenez
Enviado el: lunes, 28 de diciembre de 2009 23:03
Para: Paul Wouters
CC: users at openswan.org; Jorge Jimenez
Asunto: RE: [Openswan Users] Openswan doesn't starts because pluto is down
Hi Paul,
Thanks for your answers and sorry for my openswan level but I receive our linux machine with this software and We need it and It doesn't work.
What do we need to make a ipsec tunnel with preshared key? With NSS or without? And If we plan to use it with more ipsec tunnels what do we need?
Thanks and kind regards
¡Feliz Navidad y Prospero 2010!
Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Móvil: 669 83 08 76
http://www.pross.com
-----Mensaje original-----
De: Paul Wouters [mailto:paul at xelerance.com]
Enviado el: lunes, 28 de diciembre de 2009 15:03
Para: Jorge Jimenez
CC: users at openswan.org
Asunto: RE: [Openswan Users] Openswan doesn't starts because pluto is down
On Mon, 28 Dec 2009, Jorge Jimenez wrote:
> Have you seen my logs? What do you think about?
You need to either migrate your configuration to use NSS, or you
need to recompile openswan without NSS. I assume you're using a
binary package from fedora or rhel, so check /usr/share/doc/opnswan*
Paul
> ¡Feliz Navidad y Prospero 2010!
>
> Jorge Jiménez Miguélez
> Avinguda Diagonal, 605 - 4ª Planta
> 08028 - Barcelona
> Tel.: 902 01 35 34 - Móvil: 669 83 08 76
> http://www.pross.com
>
>
> -----Mensaje original-----
> De: Jorge Jimenez
> Enviado el: jueves, 24 de diciembre de 2009 9:26
> Para: Jorge Jimenez; Paul Wouters
> CC: users at openswan.org
> Asunto: RE: [Openswan Users] Openswan doesn't starts because pluto is down
>
> Sorry Paul,
>
> Copy/paste doesn't show fine. I try to send it another time.
>
> [root at pross-mon01 log]# /etc/init.d/ipsec start
> /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
> ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>
> [root at pross-mon01 log]# grep pluto secure
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
> Dec 24 10:40:21 pross-mon01 pluto[7416]: nss directory plutomain: sql:/etc/ipsec.d
> Dec 24 10:40:21 pross-mon01 pluto[7416]: NSS initialization failed (err -8174)
>
> [root at pross-mon01 log]# grep pluto messages
> Dec 24 10:40:21 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> Dec 24 10:40:21 pross-mon01 ipsec_starter[7423]: connect(pluto_ctl) failed: No such file or directory
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>
>
> ¡Feliz Navidad y Prospero 2010!
>
> Jorge Jiménez Miguélez
> Avinguda Diagonal, 605 - 4ª Planta
> 08028 - Barcelona
> Tel.: 902 01 35 34 - Móvil: 669 83 08 76
> http://www.pross.com
>
>
>
> -----Mensaje original-----
> De: Jorge Jimenez
> Enviado el: jueves, 24 de diciembre de 2009 9:22
> Para: Paul Wouters
> CC: users at openswan.org; Jorge Jimenez
> Asunto: RE: [Openswan Users] Openswan doesn't starts because pluto is down
>
> Hi Paul,
>
> Here you are. When I try to start ipsec, it only writes logs in secure and messages files:
>
> [root at pross-mon01 log]# /etc/init.d/ipsec start
> /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
> ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>
> [root at pross-mon01 log]# grep pluto secure
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
> Dec 24 10:40:21 pross-mon01 pluto[7416]: nss directory plutomain: sql:/etc/ipsec.d
> Dec 24 10:40:21 pross-mon01 pluto[7416]: NSS initialization failed (err -8174)
>
> [root at pross-mon01 log]# grep pluto messages
> Dec 24 10:40:21 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> Dec 24 10:40:21 pross-mon01 ipsec_starter[7423]: connect(pluto_ctl) failed: No such file or directory
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>
> Thanks and kind Regards
>
> ¡Feliz Navidad y Prospero 2010!
>
> Jorge Jiménez Miguélez
> Avinguda Diagonal, 605 - 4ª Planta
> 08028 - Barcelona
> Tel.: 902 01 35 34 - Móvil: 669 83 08 76
> http://www.pross.com
>
>
> -----Mensaje original-----
> De: Paul Wouters [mailto:paul at xelerance.com]
> Enviado el: jueves, 24 de diciembre de 2009 5:39
> Para: Jorge Jimenez
> CC: users at openswan.org
> Asunto: RE: [Openswan Users] Openswan doesn't starts because pluto is down
>
> On Wed, 23 Dec 2009, Jorge Jimenez wrote:
>
>> Thanks for your quickly answer!
>> Sorry for my English...
>> I only see in my logs what I sended... How can I increase my logs? What can I do to help you to find the problem...
>
> Check all the logs in /var/log/*
> for instance:
>
> grep pluto /var/log/*
>
> Paul
>
>> Thanks and kind regards
>>
>>
>> ¡Feliz Navidad y Prospero 2010!
>>
>> Jorge Jiménez Miguélez
>> Avinguda Diagonal, 605 - 4ª Planta
>> 08028 - Barcelona
>> Tel.: 902 01 35 34 - Móvil: 669 83 08 76
>> http://www.pross.com
>>
>>
>> -----Mensaje original-----
>> De: Paul Wouters [mailto:paul at xelerance.com]
>> Enviado el: miércoles, 23 de diciembre de 2009 20:01
>> Para: Jorge Jimenez
>> CC: users at openswan.org
>> Asunto: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>>
>> On Wed, 23 Dec 2009, Jorge Jimenez wrote:
>>
>>> Date: Wed, 23 Dec 2009 17:14:59 +0100
>>> From: Jorge Jimenez <jorge.jimenez at pross.com>
>>> Cc: Jorge Jimenez <jorge.jimenez at pross.com>
>>> To: "users at openswan.org" <users at openswan.org>
>>> Subject: [Openswan Users] Openswan doesn't starts because pluto is down
>>
>>> I’ve installed Openswan and it doesn’t work.
>>
>> It looks like your pluto is crashing. Please check the logs for a more detailed
>> message. I don't see it below.
>>
>> Paul
>>
>>> My message log is:
>>>
>>>
>>>
>>> Dec 23 18:14:28 pross-mon01 ipsec_setup: Stopping Openswan IPsec...
>>>
>>> Dec 23 18:14:28 pross-mon01 kernel: NET: Unregistered protocol family 15
>>>
>>> Dec 23 18:14:28 pross-mon01 ipsec_setup: ...Openswan IPsec stopped
>>>
>>> Dec 23 18:14:32 pross-mon01 kernel: NET: Registered protocol family 15
>>>
>>> Dec 23 18:14:32 pross-mon01 ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec_setup: Using NETKEY(XFRM) stack
>>>
>>> Dec 23 18:14:33 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>
>>> Dec 23 18:14:33 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in
>>> /proc/sys/crypto/fips_enabled
>>>
>>> Dec 23 18:14:33 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in
>>> /proc/sys/crypto/fips_enabled
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec_setup: ...Openswan IPsec started
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in
>>> /proc/sys/crypto/fips_enabled
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec_starter[19297]: connect(pluto_ctl) failed: No such file or directory
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in
>>> /proc/sys/crypto/fips_enabled
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>>
>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>>
>>> Dec 23 18:14:34 pross-mon01 last message repeated 2 times
>>>
>>> Dec 23 18:14:34 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>>
>>>
>>>
>>> And my ipsec.conf file is:
>>>
>>>
>>>
>>> version 2.0
>>>
>>>
>>>
>>> config setup
>>>
>>> # Debug-logging controls:
>>>
>>> protostack=netkey
>>>
>>> #klipsdebug=none
>>>
>>> klipsdebug="all"
>>>
>>> plutodebug="all"
>>>
>>> #plutodebug=none
>>>
>>> nat_traversal=yes
>>>
>>> # interfaces = "ipsec0=eth0"
>>>
>>>
>>>
>>> conn iberobrico
>>>
>>> auto=start
>>>
>>> left=%defaultroute
>>>
>>> # leftprotoport=17/1701
>>>
>>> #leftsubnet=10.10.100.0/24
>>>
>>> right=xxx.xxx.xxx.xxx
>>>
>>> # rightprotoport=17/1701
>>>
>>> rightsubnet=172.254.100.0/24
>>>
>>> #rightid=%any
>>>
>>> keyexchange=ike
>>>
>>> authby=secret
>>>
>>> pfs=no
>>>
>>> rekey=yes
>>>
>>> keyingtries=0
>>>
>>> # type=transport
>>>
>>> esp=3des
>>>
>>> #auth=esp
>>>
>>> compress=yes
>>>
>>>
>>>
>>> Can someone help me please.
>>>
>>>
>>>
>>> Kind Regards
>>>
>>>
>>>
>>> PROSS Nevado
>>>
>>> ¡Feliz Navidad y Prospero 2010!
>>>
>>>
>>>
>>> Jorge Jiménez Miguélez
>>>
>>> Avinguda Diagonal, 605 - 4ª Planta
>>> 08028 - Barcelona
>>>
>>> Tel.: 902 01 35 34 - Móvil: 669 83 08 76
>>> http://www.pross.com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
More information about the Users
mailing list