[Openswan Users] Openswan doesn't starts because pluto is down

Jorge Jimenez jorge.jimenez at pross.com
Mon Jan 4 12:58:53 EST 2010


Hi Ondrej,

"certutil -H" isn't a valid option to certutil on my machine.
I tried:

[root@pross-mon01 ~]# certutil -K
certutil: function failed: security library: bad database.
[root@pross-mon01 ~]# certutil -L
certutil: function failed: security library: bad database.

/var/log/secure contains 3 lines when I try to start ipsec:

Jan  4 19:50:30 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
Jan  4 19:50:30 pross-mon01 pluto[3035]: nss directory plutomain: sql:/etc/ipsec.d
Jan  4 19:50:30 pross-mon01 pluto[3035]: NSS initialization failed (err -8174)

Thanks and kind regards

Merry Christmas and a Prosperous 2010!

Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Mobile: 669 83 08 76
http://www.pross.com



-----Original message-----
From: Ondrej Valousek [mailto:webserv at s3group.cz]
Sent: Monday, 04 January 2010 17:57
To: Jorge Jimenez
CC: Avesh Agarwal; users at openswan.org; Paul Wouters
Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down

Ok, looks like you have full debugging enabled. However this won't tell
anything about the NSS database itself. Use certutil command to check
the content of the database (certutil -H will tell you more).
Also, /var/log/secure contains pluto debug messages....

Ondrej

Jorge Jimenez wrote:
> Hi Ondrej,
>
> How can I make sure that I have all necessary private keys?
> My ipsec.conf file is:
>
> version 2.0
>
> config setup
>         # Debug-logging controls:
>         protostack=netkey
>         #klipsdebug=none
>         klipsdebug="all"
>         plutodebug="all"
>         #plutodebug=none
>         nat_traversal=yes
> #       interfaces = "ipsec0=eth0"
>
> conn iberobrico
>         auto=start
>         left=%defaultroute
> #       leftprotoport=17/1701
>         #leftsubnet=10.10.100.0/24
>         right=xxx.xxx.xxx.xxx
> #       rightprotoport=17/1701
>         rightsubnet=172.254.100.0/24
>         #rightid=%any
>         keyexchange=ike
>         authby=secret
>         pfs=no
>         rekey=yes
>         keyingtries=0
> #       type=transport
>         esp=3des
>         #auth=esp
>         compress=yes
>
> And how can I enable more verbosity in pluto debugging?
>
>
> -----Original message-----
> From: Ondrej Valousek [mailto:webserv at s3group.cz]
> Sent: Monday, 04 January 2010 17:28
> To: Jorge Jimenez
> CC: Avesh Agarwal; users at openswan.org
> Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>
> I do not know.
>
> I have two centos 5.4 machines. On one of them is pluto working fine, on
> the second pluto did not start up correctly - I had to start it manually
> - but it might be caused by the random number generator problems I was
> experiencing.
>
> In general - make sure you have all necessary private keys and
> certificates in the NSS database and it should work then.....
> If not, try to google the error status pluto gives you in the log.
>
> Also try to enable more verbose pluto debugging.....
>
> O.
>
> Jorge Jimenez wrote:
>
>> And does somebody know what is not working fine? Please
>>
>>
>> -----Original message-----
>> From: Ondrej Valousek [mailto:webserv at s3group.cz]
>> Sent: Monday, 04 January 2010 17:18
>> To: Avesh Agarwal
>> CC: Jorge Jimenez; users at openswan.org
>> Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>>
>> Avesh Agarwal wrote:
>>
>>
>>> On 01/04/2010 11:16 AM, Jorge Jimenez wrote:
>>>
>>>> Hi Avesh,
>>>>
>>>> I answer your two questions.
>>>>
>>>>          - I don't have a sql database on my linux machine, do I need it?
>>>>
>>> If you are running on fedora, then yes.
>>>
>>>
>>>
>> No, you do not need it. I do not know what this prefix means, but NSS
>> holds the database for you. No additional sql server is needed.....
>>
>>
>>
>>>>          - SELinux is disabled in my machine
>>>>
>>>> Thanks for your answer and kind regards
>>>>
>>>>
>>>> -----Original message-----
>>>> From: Avesh Agarwal [mailto:avagarwa at redhat.com]
>>>> Sent: Monday, 04 January 2010 17:05
>>>> To: Jorge Jimenez
>>>> CC: Paul Wouters; users at openswan.org
>>>> Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>
>>>> On 01/04/2010 10:59 AM, Jorge Jimenez wrote:
>>>>
>>>>
>>>>
>>>>
>>>>> Hi Avesh,
>>>>>
>>>>> I read README.nss and use this command:
>>>>>        certutil -N -d<path-to-ipsec.d- dir>/ipsec.d
>>>>> to create a database.
>>>>> But it doesn't work and I get this message log:
>>>>>
>>>> Is NSS initialized now? On fedora, use "sql:" as a prefix like
>>>> "sql:<path-to-database>", or set NSS_DEFAULT_DB_TYPE="sql" if you do not
>>>> want to give "sql:" prefix on the command line. It should create
>>>> cert9.db and key4.db.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>        Jan  4 20:14:20 pross-mon01 ipsec_setup: Stopping Openswan IPsec...
>>>>>        Jan  4 20:14:20 pross-mon01 kernel: NET: Unregistered protocol family 15
>>>>>        Jan  4 20:14:20 pross-mon01 ipsec_setup: ...Openswan IPsec stopped
>>>>>        Jan  4 20:14:26 pross-mon01 kernel: NET: Registered protocol family 15
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec_setup: Using NETKEY(XFRM) stack
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>>>>        Jan  4 20:14:26 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>>>        Jan  4 20:14:26 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>        Jan  4 20:14:26 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec_setup: ...Openswan IPsec started
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec_starter[15185]: connect(pluto_ctl) failed: No such file or directory
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>>>>        Jan  4 20:14:26 pross-mon01 last message repeated 2 times
>>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>>>>
>>>> Also check if pluto is not starting due to selinux policy by putting
>>>> selinux into permissive mode.
>>>>
>>>>
>>>> Avesh
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> -----Original message-----
>>>>> From: Avesh Agarwal [mailto:avagarwa at redhat.com]
>>>>> Sent: Monday, 04 January 2010 15:52
>>>>> To: Paul Wouters
>>>>> CC: Jorge Jimenez; users at openswan.org
>>>>> Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>
>>>>> On 12/28/2009 09:03 AM, Paul Wouters wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> On Mon, 28 Dec 2009, Jorge Jimenez wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Have you seen my logs? What do you think about?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> You need to either migrate your configuration to use NSS, or you
>>>>>> need to recompile openswan without NSS. I assume you're using a
>>>>>> binary package from fedora or rhel, so check /usr/share/doc/openswan*
>>>>>>
>>>>>> Paul
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> -----Original message-----
>>>>>>> From: Jorge Jimenez
>>>>>>> Sent: Thursday, 24 December 2009 9:26
>>>>>>> To: Jorge Jimenez; Paul Wouters
>>>>>>> CC: users at openswan.org
>>>>>>> Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>>
>>>>>>> Sorry Paul,
>>>>>>>
>>>>>>> Copy/paste doesn't show fine. I try to send it another time.
>>>>>>>
>>>>>>> [root@pross-mon01 log]# /etc/init.d/ipsec start
>>>>>>> /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>> ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>>>>>> ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>
>>>>>>> [root@pross-mon01 log]# grep pluto secure
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
>>>>>>> Dec 24 10:40:21 pross-mon01 pluto[7416]: nss directory plutomain: sql:/etc/ipsec.d
>>>>>>> Dec 24 10:40:21 pross-mon01 pluto[7416]: NSS initialization failed (err -8174)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> Hi,
>>>>>
>>>>> Please go through README.nss. I think you need to create NSS database
>>>>> first, if you want to use Openswan with NSS.
>>>>>
>>>>> Regards
>>>>> Avesh
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>> [root@pross-mon01 log]# grep pluto messages
>>>>>>> Dec 24 10:40:21 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec_starter[7423]: connect(pluto_ctl) failed: No such file or directory
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>>>>>>
>>>>>>>
>>>>>>> -----Original message-----
>>>>>>> From: Jorge Jimenez
>>>>>>> Sent: Thursday, 24 December 2009 9:22
>>>>>>> To: Paul Wouters
>>>>>>> CC: users at openswan.org; Jorge Jimenez
>>>>>>> Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>>
>>>>>>> Hi Paul,
>>>>>>>
>>>>>>> Here you are. When I try to start ipsec, it only writes logs in secure and messages files:
>>>>>>>
>>>>>>> [root@pross-mon01 log]# /etc/init.d/ipsec start
>>>>>>> /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>> ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>>>>>> ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>
>>>>>>> [root@pross-mon01 log]# grep pluto secure
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
>>>>>>> Dec 24 10:40:21 pross-mon01 pluto[7416]: nss directory plutomain: sql:/etc/ipsec.d
>>>>>>> Dec 24 10:40:21 pross-mon01 pluto[7416]: NSS initialization failed (err -8174)
>>>>>>>
>>>>>>> [root@pross-mon01 log]# grep pluto messages
>>>>>>> Dec 24 10:40:21 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec_starter[7423]: connect(pluto_ctl) failed: No such file or directory
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>>>>>>
>>>>>>> Thanks and kind Regards
>>>>>>>
>>>>>>> -----Original message-----
>>>>>>> From: Paul Wouters [mailto:paul at xelerance.com]
>>>>>>> Sent: Thursday, 24 December 2009 5:39
>>>>>>> To: Jorge Jimenez
>>>>>>> CC: users at openswan.org
>>>>>>> Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>>
>>>>>>> On Wed, 23 Dec 2009, Jorge Jimenez wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Thanks for your quick answer!
>>>>>>>> Sorry for my English...
>>>>>>>> I only see in my logs what I sent... How can I increase my logs? What can I do to help you to find the problem...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Check all the logs in /var/log/*
>>>>>>> for instance:
>>>>>>>
>>>>>>>      grep pluto /var/log/*
>>>>>>>
>>>>>>> Paul
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Thanks and kind regards
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original message-----
>>>>>>>> From: Paul Wouters [mailto:paul at xelerance.com]
>>>>>>>> Sent: Wednesday, 23 December 2009 20:01
>>>>>>>> To: Jorge Jimenez
>>>>>>>> CC: users at openswan.org
>>>>>>>> Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>>>
>>>>>>>> On Wed, 23 Dec 2009, Jorge Jimenez wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Date: Wed, 23 Dec 2009 17:14:59 +0100
>>>>>>>>> From: Jorge Jimenez<jorge.jimenez at pross.com>
>>>>>>>>> Cc: Jorge Jimenez<jorge.jimenez at pross.com>
>>>>>>>>> To: "users at openswan.org"<users at openswan.org>
>>>>>>>>> Subject: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I’ve installed Openswan and it doesn’t work.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> It looks like your pluto is crashing. Please check the logs for a more detailed
>>>>>>>> message. I don't see it below.
>>>>>>>>
>>>>>>>> Paul
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> My message log is:
>>>>>>>>>
>>>>>>>>> Dec 23 18:14:28 pross-mon01 ipsec_setup: Stopping Openswan IPsec...
>>>>>>>>> Dec 23 18:14:28 pross-mon01 kernel: NET: Unregistered protocol family 15
>>>>>>>>> Dec 23 18:14:28 pross-mon01 ipsec_setup: ...Openswan IPsec stopped
>>>>>>>>> Dec 23 18:14:32 pross-mon01 kernel: NET: Registered protocol family 15
>>>>>>>>> Dec 23 18:14:32 pross-mon01 ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec_setup: Using NETKEY(XFRM) stack
>>>>>>>>> Dec 23 18:14:33 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>>>>>>> Dec 23 18:14:33 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>>> Dec 23 18:14:33 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec_setup: ...Openswan IPsec started
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec_starter[19297]: connect(pluto_ctl) failed: No such file or directory
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>>>>>>>> Dec 23 18:14:34 pross-mon01 last message repeated 2 times
>>>>>>>>> Dec 23 18:14:34 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> And my ipsec.conf file is:
>>>>>>>>>
>>>>>>>>> version 2.0
>>>>>>>>>
>>>>>>>>> config setup
>>>>>>>>>         # Debug-logging controls:
>>>>>>>>>         protostack=netkey
>>>>>>>>>         #klipsdebug=none
>>>>>>>>>         klipsdebug="all"
>>>>>>>>>         plutodebug="all"
>>>>>>>>>         #plutodebug=none
>>>>>>>>>         nat_traversal=yes
>>>>>>>>> #       interfaces = "ipsec0=eth0"
>>>>>>>>>
>>>>>>>>> conn iberobrico
>>>>>>>>>         auto=start
>>>>>>>>>         left=%defaultroute
>>>>>>>>> #       leftprotoport=17/1701
>>>>>>>>>         #leftsubnet=10.10.100.0/24
>>>>>>>>>         right=xxx.xxx.xxx.xxx
>>>>>>>>> #       rightprotoport=17/1701
>>>>>>>>>         rightsubnet=172.254.100.0/24
>>>>>>>>>         #rightid=%any
>>>>>>>>>         keyexchange=ike
>>>>>>>>>         authby=secret
>>>>>>>>>         pfs=no
>>>>>>>>>         rekey=yes
>>>>>>>>>         keyingtries=0
>>>>>>>>> #       type=transport
>>>>>>>>>         esp=3des
>>>>>>>>>         #auth=esp
>>>>>>>>>         compress=yes
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Can someone help me please.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Kind Regards
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> PROSS Nevado
>>>>>>>>>
>
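
Added example (not written by any poster in this thread): a shell check that compares the database format pluto requests in its log line (`sql:/etc/ipsec.d`) with the files actually present, since `sql:` expects `cert9.db`/`key4.db` while a database created without the prefix on a dbm-default NSS uses `cert8.db`/`key3.db`. The function names and the temporary directory are assumptions of this example, and the check looks only at file presence, not at database validity.

```shell
#!/bin/sh
# Added example: explain "NSS initialization failed (err -8174)" by comparing
# the NSS database format pluto asks for with the files present on disk.

# Print the NSS spec from a pluto log line, e.g. "sql:/etc/ipsec.d".
pluto_nss_spec() {
    printf '%s\n' "$1" | sed -n 's/.*nss directory plutomain: //p'
}

# Print which NSS database formats exist in directory $1:
# sql (cert9.db + key4.db), dbm (cert8.db + key3.db), both, or none.
nss_db_format() {
    sql=no; dbm=no
    if [ -f "$1/cert9.db" ] && [ -f "$1/key4.db" ]; then sql=yes; fi
    if [ -f "$1/cert8.db" ] && [ -f "$1/key3.db" ]; then dbm=yes; fi
    case "$sql$dbm" in
        yesyes) echo both ;;
        yesno)  echo sql ;;
        noyes)  echo dbm ;;
        *)      echo none ;;
    esac
}

# Compare a spec such as "sql:/etc/ipsec.d" with the directory contents.
# Prints ok, mismatch (other format present) or missing (no database).
check_nss_spec() {
    case "$1" in
        sql:*) want=sql; dir=${1#sql:} ;;
        dbm:*) want=dbm; dir=${1#dbm:} ;;
        # No prefix: NSS_DEFAULT_DB_TYPE decides. The "dbm" fallback is an
        # assumption matching NSS builds of that era.
        *)     want=${NSS_DEFAULT_DB_TYPE:-dbm}; dir=$1 ;;
    esac
    have=$(nss_db_format "$dir")
    case "$have" in
        none)         echo missing ;;
        both|"$want") echo ok ;;
        *)            echo mismatch ;;
    esac
}

# Constructed reproduction: a scratch directory holding only the legacy
# file names, checked against the spec format from the thread's log line.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/cert8.db"; : > "$tmp/key3.db"
    line='Jan  4 19:50:30 pross-mon01 pluto[3035]: nss directory plutomain: sql:/etc/ipsec.d'
    spec=$(pluto_nss_spec "$line")
    echo "spec in log line: $spec"
    echo "legacy-only directory opened as sql: $(check_nss_spec "sql:$tmp")"
    rm -rf "$tmp"
}
demo
```

On a real host, pass the spec from the log to `check_nss_spec`; when running `certutil` by hand, give it the same spec with `-d` so it inspects the database pluto opens rather than its default directory.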