[Openswan Users] Openswan doesn't starts because pluto is down

Jorge Jimenez jorge.jimenez at pross.com
Mon Jan 4 13:14:57 EST 2010


Hi,

In my ipsec.d directory I have:

[root at pross-mon01 ipsec.d]# ls -la
total 124
drwxr-xr-x   2 root root  4096 ene  4  2010 .
drwxr-xr-x 103 root root 12288 ene  4 19:30 ..
-rw-------   1 root root 65536 ene  4  2010 cert8.db
-rw-r--r--   1 root root    73 dic 21 22:35 ipsec.secrets
-rw-------   1 root root 16384 ene  4  2010 key3.db
-rw-------   1 root root 16384 ene  4  2010 secmod.db

I run the command and:

[root at pross-mon01 ipsec.d]# certutil -N -d sql:/etc/ipsec.d
certutil: function failed: security library: bad database.


Merry Christmas and a prosperous 2010!

Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Mobile: 669 83 08 76
http://www.pross.com


-----Original Message-----
From: Randy Wyatt [mailto:rwyatt at nvtl.com]
Sent: Monday, 04 January 2010 19:09
To: Jorge Jimenez; Ondrej Valousek
CC: users at openswan.org; Paul Wouters; Avesh Agarwal
Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down

Do you have anything in your /etc/ipsec.d directory?

Run the following command:
        certutil -N -d sql:/etc/ipsec.d

Run the command as is and follow the prompts, and then /etc/init.d/ipsec restart.

Regards,
Randy


-----Original Message-----
From: Randy Wyatt [mailto:rwyatt at nvtl.com]
Sent: Monday, 04 January 2010 17:59
To: Jorge Jimenez; Ondrej Valousek
CC: users at openswan.org; Paul Wouters; Avesh Agarwal
Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down


When is the last time you rebooted the box?  Are all processes stopped when you execute /etc/init.d/ipsec stop?

Are you pasting the two parts of your configuration file as one, as they should actually be two separate files in Fedora/RHEL type distros?

What about going to the simplest possible configuration and verifying ipsec before adding L2TP on top?

Start from the very beginning and gradually verify each step to find out when the failure is introduced.

Regards,
Randy
------------------------------------------------
Randy Wyatt
Senior Systems Engineer
Office: (858) 431-3743

Cell: (858) 527-8555
rwyatt at nvtl.com
Skype: randy.wyatt77
www.novatelwireless.com

This email and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. Any opinions expressed in this email are those of the individual writer alone and not necessarily those of Novatel Wireless, Inc. or its affiliates. To the extent this email purports to waive, amend or supplement any term or condition of an agreement, contract or purchase order (including any exhibits or attachments thereto), such purported waiver, amendment or supplementation shall be of no force or effect whatsoever, anything to the contrary notwithstanding


-----Original Message-----
From: Jorge Jimenez [mailto:jorge.jimenez at pross.com]
Sent: Monday, January 04, 2010 8:52 AM
To: Randy Wyatt; Ondrej Valousek
Cc: users at openswan.org; Paul Wouters; Avesh Agarwal; Jorge Jimenez
Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down

Hi Randy,

In my ipsec.conf I have this line and when I start ipsec I only have these log messages:

Jan  4 21:09:54 pross-mon01 ipsec_setup: Openswan IPsec apparently already active, start aborted
Jan  4 21:10:02 pross-mon01 ipsec_setup: Stopping Openswan IPsec...
Jan  4 21:10:02 pross-mon01 kernel: NET: Unregistered protocol family 15
Jan  4 21:10:02 pross-mon01 ipsec_setup: ...Openswan IPsec stopped
Jan  4 21:10:08 pross-mon01 kernel: NET: Registered protocol family 15
Jan  4 21:10:08 pross-mon01 ipsec_setup: Using NETKEY(XFRM) stack
Jan  4 21:10:08 pross-mon01 ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
Jan  4 21:10:08 pross-mon01 kernel: padlock: VIA PadLock not detected.
Jan  4 21:10:08 pross-mon01 kernel: padlock: VIA PadLock not detected.
Jan  4 21:10:08 pross-mon01 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan  4 21:10:08 pross-mon01 ipsec_setup: ...Openswan IPsec started
Jan  4 21:10:08 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
Jan  4 21:10:08 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jan  4 21:10:08 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Jan  4 21:10:08 pross-mon01 last message repeated 2 times
Jan  4 21:10:08 pross-mon01 ipsec__plutorun: whack: read() failed (104 Connection reset by peer)
Jan  4 21:10:08 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Jan  4 21:10:08 pross-mon01 last message repeated 2 times
Jan  4 21:10:08 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up


Merry Christmas and a prosperous 2010!

Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Mobile: 669 83 08 76
http://www.pross.com



-----Original Message-----
From: Randy Wyatt [mailto:rwyatt at nvtl.com]
Sent: Monday, 04 January 2010 17:46
To: Jorge Jimenez; Ondrej Valousek
CC: users at openswan.org
Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down

Jorge,

  plutodebug="all"

is a rather extreme amount of debugging.  It should include everything you need to debug the connection.

Regards,
Randy Wyatt

------------------------------------------------
Randy Wyatt
Senior Systems Engineer
Office: (858) 431-3743

Cell: (858) 527-8555
rwyatt at nvtl.com
Skype: randy.wyatt77
www.novatelwireless.com


-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Jorge Jimenez
Sent: Monday, January 04, 2010 8:42 AM
To: Ondrej Valousek
Cc: Jorge Jimenez; users at openswan.org
Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down

Hi Ondrej,

How can I make sure that I have all necessary private keys?
My ipsec.conf file is:

version 2.0

config setup
        # Debug-logging controls:
        protostack=netkey
        #klipsdebug=none
        klipsdebug="all"
        plutodebug="all"
        #plutodebug=none
        nat_traversal=yes
#       interfaces = "ipsec0=eth0"

conn iberobrico
        auto=start
        left=%defaultroute
#       leftprotoport=17/1701
        #leftsubnet=10.10.100.0/24
        right=xxx.xxx.xxx.xxx
#       rightprotoport=17/1701
        rightsubnet=172.254.100.0/24
        #rightid=%any
        keyexchange=ike
        authby=secret
        pfs=no
        rekey=yes
        keyingtries=0
#       type=transport
        esp=3des
        #auth=esp
        compress=yes

And how can I enable more verbose pluto debugging?


Merry Christmas and a prosperous 2010!

Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Mobile: 669 83 08 76
http://www.pross.com



-----Original Message-----
From: Ondrej Valousek [mailto:webserv at s3group.cz]
Sent: Monday, 04 January 2010 17:28
To: Jorge Jimenez
CC: Avesh Agarwal; users at openswan.org
Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down

I do not know.

I have two centos 5.4 machines. On one of them is pluto working fine, on
the second pluto did not start up correctly - I had to start it manually
- but it might be caused by the random number generator problems I was
experiencing.

In general - make sure you have all necessary private keys and
certificates in the NSS database and it should work then.....
If not, try to google the error status pluto gives you in the log.

Also try to enable more verbose pluto debugging.....

O.

Jorge Jimenez wrote:
> And does somebody know what is not working fine? Please
>
>
> Merry Christmas and a prosperous 2010!
>
> Jorge Jiménez Miguélez
> Avinguda Diagonal, 605 - 4ª Planta
> 08028 - Barcelona
> Tel.: 902 01 35 34 - Mobile: 669 83 08 76
> http://www.pross.com
>
>
>
> -----Original Message-----
> From: Ondrej Valousek [mailto:webserv at s3group.cz]
> Sent: Monday, 04 January 2010 17:18
> To: Avesh Agarwal
> CC: Jorge Jimenez; users at openswan.org
> Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>
> Avesh Agarwal wrote:
>
>> On 01/04/2010 11:16 AM, Jorge Jimenez wrote:
>>
>>
>>> Hi Avesh,
>>>
>>> I answer your two questions.
>>>
>>>          - I don't have a sql database in my linux machine, do I need it?
>>>
>>>
>>>
>> If you are running on fedora, then yes.
>>
>>
> No, you do not need it. I do not know what this prefix means, but NSS
> holds the database for you. No additional sql server is needed.....
>
>
>>>          - SELinux is disabled in my machine
>>>
>>> Thanks for your answer and kind regards
>>>
>>>
>>> Merry Christmas and a prosperous 2010!
>>>
>>> Jorge Jiménez Miguélez
>>> Avinguda Diagonal, 605 - 4ª Planta
>>> 08028 - Barcelona
>>> Tel.: 902 01 35 34 - Mobile: 669 83 08 76
>>> http://www.pross.com
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Avesh Agarwal [mailto:avagarwa at redhat.com]
>>> Sent: Monday, 04 January 2010 17:05
>>> To: Jorge Jimenez
>>> CC: Paul Wouters; users at openswan.org
>>> Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>>>
>>> On 01/04/2010 10:59 AM, Jorge Jimenez wrote:
>>>
>>>
>>>
>>>> Hi Avesh,
>>>>
>>>> I read README.nss and used this command:
>>>>        certutil -N -d <path-to-ipsec.d-dir>/ipsec.d
>>>> to create a database.
>>>> But it doesn't work and I get these log messages:
>>>>
>>>>
>>>>
>>>>
>>>>
>>> Is NSS initialized now? On fedora, use "sql:" as a prefix like
>>> "sql:<path-to-database>", or set NSS_DEFAULT_DB_TYPE="sql" if you do not
>>> want to give "sql:" prefix on the command line. It should create
>>> cert9.db and key4.db.
>>>
>>>
>>>
>>>
>>>>        Jan  4 20:14:20 pross-mon01 ipsec_setup: Stopping Openswan IPsec...
>>>>        Jan  4 20:14:20 pross-mon01 kernel: NET: Unregistered protocol family 15
>>>>        Jan  4 20:14:20 pross-mon01 ipsec_setup: ...Openswan IPsec stopped
>>>>        Jan  4 20:14:26 pross-mon01 kernel: NET: Registered protocol family 15
>>>>        Jan  4 20:14:26 pross-mon01 ipsec_setup: Using NETKEY(XFRM) stack
>>>>        Jan  4 20:14:26 pross-mon01 ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>>>        Jan  4 20:14:26 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>>        Jan  4 20:14:26 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>>        Jan  4 20:14:26 pross-mon01 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>        Jan  4 20:14:26 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>>>        Jan  4 20:14:26 pross-mon01 ipsec_setup: ...Openswan IPsec started
>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>        Jan  4 20:14:26 pross-mon01 ipsec_starter[15185]: connect(pluto_ctl) failed: No such file or directory
>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>>>        Jan  4 20:14:26 pross-mon01 last message repeated 2 times
>>>>        Jan  4 20:14:26 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>> Also check if pluto is not starting due to selinux policy by putting
>>> selinux into permissive mode.
>>>
>>>
>>> Avesh
>>>
>>>
>>>
>>>
>>>> ¡Feliz Navidad y Prospero 2010!
>>>>
>>>> Jorge Jiménez Miguélez
>>>> Avinguda Diagonal, 605 - 4ª Planta
>>>> 08028 - Barcelona
>>>> Tel.: 902 01 35 34 - Móvil: 669 83 08 76
>>>> http://www.pross.com
>>>>
>>>>
>>>> -----Mensaje original-----
>>>> De: Avesh Agarwal [mailto:avagarwa at redhat.com]
>>>> Enviado el: lunes, 04 de enero de 2010 15:52
>>>> Para: Paul Wouters
>>>> CC: Jorge Jimenez; users at openswan.org
>>>> Asunto: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>
>>>> On 12/28/2009 09:03 AM, Paul Wouters wrote:
>>>>
>>>>
>>>>
>>>>
>>>>> On Mon, 28 Dec 2009, Jorge Jimenez wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Have you seen my logs? What do you think about?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> You need to either migrate your configuration to use NSS, or you
>>>>> need to recompile openswan without NSS. I assume you're using a
>>>>> binary package from fedora or rhel, so check /usr/share/doc/openswan*
>>>>>
>>>>> Paul
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>>> Merry Christmas and a prosperous 2010!
>>>>>>
>>>>>> Jorge Jiménez Miguélez
>>>>>> Avinguda Diagonal, 605 - 4ª Planta
>>>>>> 08028 - Barcelona
>>>>>> Tel.: 902 01 35 34 - Mobile: 669 83 08 76
>>>>>> http://www.pross.com
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Jorge Jimenez
>>>>>> Sent: Thursday, 24 December 2009 9:26
>>>>>> To: Jorge Jimenez; Paul Wouters
>>>>>> CC: users at openswan.org
>>>>>> Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>
>>>>>> Sorry Paul,
>>>>>>
>>>>>> Copy/paste doesn't show fine. I try to send it another time.
>>>>>>
>>>>>> [root at pross-mon01 log]# /etc/init.d/ipsec start
>>>>>> /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>> ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>>>>> ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>
>>>>>> [root at pross-mon01 log]# grep pluto secure
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
>>>>>> Dec 24 10:40:21 pross-mon01 pluto[7416]: nss directory plutomain: sql:/etc/ipsec.d
>>>>>> Dec 24 10:40:21 pross-mon01 pluto[7416]: NSS initialization failed (err -8174)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>> Hi,
>>>>
>>>> Please go through README.nss. I think you need to create NSS database
>>>> first, if you want to use Openswan with NSS.
>>>>
>>>> Regards
>>>> Avesh
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>> [root at pross-mon01 log]# grep pluto messages
>>>>>> Dec 24 10:40:21 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec_starter[7423]: connect(pluto_ctl) failed: No such file or directory
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>>>>>
>>>>>>
>>>>>> Merry Christmas and a prosperous 2010!
>>>>>>
>>>>>> Jorge Jiménez Miguélez
>>>>>> Avinguda Diagonal, 605 - 4ª Planta
>>>>>> 08028 - Barcelona
>>>>>> Tel.: 902 01 35 34 - Mobile: 669 83 08 76
>>>>>> http://www.pross.com
>>>>>>
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Jorge Jimenez
>>>>>> Sent: Thursday, 24 December 2009 9:22
>>>>>> To: Paul Wouters
>>>>>> CC: users at openswan.org; Jorge Jimenez
>>>>>> Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>
>>>>>> Hi Paul,
>>>>>>
>>>>>> Here you are. When I try to start ipsec, it only writes logs in secure and messages files:
>>>>>>
>>>>>> [root at pross-mon01 log]# /etc/init.d/ipsec start
>>>>>> /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>> ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>>>>> ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>
>>>>>> [root at pross-mon01 log]# grep pluto secure
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
>>>>>> Dec 24 10:40:21 pross-mon01 pluto[7416]: nss directory plutomain: sql:/etc/ipsec.d
>>>>>> Dec 24 10:40:21 pross-mon01 pluto[7416]: NSS initialization failed (err -8174)
>>>>>>
>>>>>> [root at pross-mon01 log]# grep pluto messages
>>>>>> Dec 24 10:40:21 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec_starter[7423]: connect(pluto_ctl) failed: No such file or directory
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>>>>> Dec 24 10:40:21 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>>>>>
>>>>>> Thanks and kind Regards
>>>>>>
>>>>>> Merry Christmas and a prosperous 2010!
>>>>>>
>>>>>> Jorge Jiménez Miguélez
>>>>>> Avinguda Diagonal, 605 - 4ª Planta
>>>>>> 08028 - Barcelona
>>>>>> Tel.: 902 01 35 34 - Mobile: 669 83 08 76
>>>>>> http://www.pross.com
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Paul Wouters [mailto:paul at xelerance.com]
>>>>>> Sent: Thursday, 24 December 2009 5:39
>>>>>> To: Jorge Jimenez
>>>>>> CC: users at openswan.org
>>>>>> Subject: RE: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>
>>>>>> On Wed, 23 Dec 2009, Jorge Jimenez wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Thanks for your quick answer!
>>>>>>> Sorry for my English...
>>>>>>> I only see in my logs what I sent... How can I increase my logs? What can I do to help you to find the problem...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Check all the logs in /var/log/*
>>>>>> for instance:
>>>>>>
>>>>>>      grep pluto /var/log/*
>>>>>>
>>>>>> Paul
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Thanks and kind regards
>>>>>>>
>>>>>>>
>>>>>>> Merry Christmas and a prosperous 2010!
>>>>>>>
>>>>>>> Jorge Jiménez Miguélez
>>>>>>> Avinguda Diagonal, 605 - 4ª Planta
>>>>>>> 08028 - Barcelona
>>>>>>> Tel.: 902 01 35 34 - Mobile: 669 83 08 76
>>>>>>> http://www.pross.com
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Paul Wouters [mailto:paul at xelerance.com]
>>>>>>> Sent: Wednesday, 23 December 2009 20:01
>>>>>>> To: Jorge Jimenez
>>>>>>> CC: users at openswan.org
>>>>>>> Subject: Re: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>>
>>>>>>> On Wed, 23 Dec 2009, Jorge Jimenez wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Date: Wed, 23 Dec 2009 17:14:59 +0100
>>>>>>>> From: Jorge Jimenez<jorge.jimenez at pross.com>
>>>>>>>> Cc: Jorge Jimenez<jorge.jimenez at pross.com>
>>>>>>>> To: "users at openswan.org"<users at openswan.org>
>>>>>>>> Subject: [Openswan Users] Openswan doesn't starts because pluto is down
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>> I've installed Openswan and it doesn't work.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> It looks like your pluto is crashing. Please check the logs for a more detailed
>>>>>>> message. I don't see it below.
>>>>>>>
>>>>>>> Paul
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> My message log is:
>>>>>>>>
>>>>>>>> Dec 23 18:14:28 pross-mon01 ipsec_setup: Stopping Openswan IPsec...
>>>>>>>> Dec 23 18:14:28 pross-mon01 kernel: NET: Unregistered protocol family 15
>>>>>>>> Dec 23 18:14:28 pross-mon01 ipsec_setup: ...Openswan IPsec stopped
>>>>>>>> Dec 23 18:14:32 pross-mon01 kernel: NET: Registered protocol family 15
>>>>>>>> Dec 23 18:14:32 pross-mon01 ipsec_setup: Starting Openswan IPsec U2.6.24rc3/K2.6.18-164.el5...
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec_setup: Using NETKEY(XFRM) stack
>>>>>>>> Dec 23 18:14:33 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>>>>>> Dec 23 18:14:33 pross-mon01 kernel: padlock: VIA PadLock not detected.
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>> Dec 23 18:14:33 pross-mon01 pluto: adjusting ipsec.d to /etc/ipsec.d
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec_setup: ...Openswan IPsec started
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec_starter[19297]: connect(pluto_ctl) failed: No such file or directory
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
>>>>>>>> Dec 23 18:14:33 pross-mon01 ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>>>>>>> Dec 23 18:14:34 pross-mon01 last message repeated 2 times
>>>>>>>> Dec 23 18:14:34 pross-mon01 ipsec__plutorun: pluto apparently already running (?!?), giving up
>>>>>>>>
>>>>>>>> And my ipsec.conf file is:
>>>>>>>>
>>>>>>>> version 2.0
>>>>>>>>
>>>>>>>> config setup
>>>>>>>>         # Debug-logging controls:
>>>>>>>>         protostack=netkey
>>>>>>>>         #klipsdebug=none
>>>>>>>>         klipsdebug="all"
>>>>>>>>         plutodebug="all"
>>>>>>>>         #plutodebug=none
>>>>>>>>         nat_traversal=yes
>>>>>>>> #       interfaces = "ipsec0=eth0"
>>>>>>>>
>>>>>>>> conn iberobrico
>>>>>>>>         auto=start
>>>>>>>>         left=%defaultroute
>>>>>>>> #       leftprotoport=17/1701
>>>>>>>>         #leftsubnet=10.10.100.0/24
>>>>>>>>         right=xxx.xxx.xxx.xxx
>>>>>>>> #       rightprotoport=17/1701
>>>>>>>>         rightsubnet=172.254.100.0/24
>>>>>>>>         #rightid=%any
>>>>>>>>         keyexchange=ike
>>>>>>>>         authby=secret
>>>>>>>>         pfs=no
>>>>>>>>         rekey=yes
>>>>>>>>         keyingtries=0
>>>>>>>> #       type=transport
>>>>>>>>         esp=3des
>>>>>>>>         #auth=esp
>>>>>>>>         compress=yes
>>>>>>>>
>>>>>>>> Can someone help me please.
>>>>>>>>
>>>>>>>> Kind Regards
>>>>>>>>
>>>>>>>> PROSS Nevado
>>>>>>>>
>>>>>>>> Merry Christmas and a prosperous 2010!
>>>>>>>>
>>>>>>>> Jorge Jiménez Miguélez
>>>>>>>> Avinguda Diagonal, 605 - 4ª Planta
>>>>>>>> 08028 - Barcelona
>>>>>>>> Tel.: 902 01 35 34 - Mobile: 669 83 08 76
>>>>>>>> http://www.pross.com
>>>>>>>>
>>>>> _______________________________________________
>>>>> Users at openswan.org
>>>>> http://lists.openswan.org/mailman/listinfo/users
>>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>
>
>
>
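
The state the thread keeps circling around, as an added example (not code from the thread or from Openswan): the `ls` listing shows only `cert8.db`/`key3.db`/`secmod.db`, while pluto logs that it opens `sql:/etc/ipsec.d`, for which Avesh names `cert9.db` and `key4.db`; the listing also shows `ipsec.secrets` with mode `-rw-r--r--`. The function names, finding labels and the temporary sample directory below are assumptions made for illustration, and the sample files are constructed to mirror the listing and the two pluto lines from `secure`.

```shell
#!/bin/sh
# Added example: compare the NSS database format pluto requests with the
# files present in ipsec.d, and check the mode of ipsec.secrets.

# Print which NSS database files exist in DIR ($1): sql, dbm, both or none.
# cert9.db/key4.db are the names Avesh gives for the "sql:" format;
# cert8.db/key3.db are the legacy files seen in the ls listing.
nss_db_format() {
    has_sql=no; has_dbm=no
    if [ -f "$1/cert9.db" ] && [ -f "$1/key4.db" ]; then has_sql=yes; fi
    if [ -f "$1/cert8.db" ] && [ -f "$1/key3.db" ]; then has_dbm=yes; fi
    case "$has_sql/$has_dbm" in
        yes/yes) echo both ;;
        yes/no)  echo sql ;;
        no/yes)  echo dbm ;;
        *)       echo none ;;
    esac
}

# Print one finding per line for ipsec.d directory $1 and pluto log file $2.
# Returns 1 when at least one finding was printed.
check_ipsec_d() {
    dir=$1; log=$2; findings=0

    # Last "nss directory plutomain: <spec>" line, e.g. sql:/etc/ipsec.d
    spec=$(sed -n 's/.*nss directory plutomain: *//p' "$log" | tail -n 1)
    case "$spec" in
        sql:*) want=sql ;;
        dbm:*) want=dbm ;;
        *)     want=${NSS_DEFAULT_DB_TYPE:-unknown} ;;  # no prefix logged
    esac

    have=$(nss_db_format "$dir")
    if [ "$want" != unknown ] && [ "$have" != both ] && [ "$have" != "$want" ]; then
        echo "nss-format-mismatch: pluto opens '$spec' but $dir holds '$have' database files"
        findings=$((findings + 1))
    fi

    # Error code from "NSS initialization failed (err <n>)", if logged.
    err=$(sed -n 's/.*NSS initialization failed (err \(-*[0-9][0-9]*\)).*/\1/p' "$log" | tail -n 1)
    if [ -n "$err" ]; then
        echo "nss-init-failed: pluto logged NSS error $err"
        findings=$((findings + 1))
    fi

    # ipsec.secrets holds the pre-shared key used by authby=secret;
    # group/other permission bits are characters 5-10 of the ls mode string.
    if [ -f "$dir/ipsec.secrets" ]; then
        bits=$(ls -ld "$dir/ipsec.secrets" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "secrets-mode: ipsec.secrets grants '$bits' to group/other"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the thread: legacy db files, a world-readable
# ipsec.secrets, and the two pluto lines quoted from /var/log/secure.
make_sample() {
    d=$(mktemp -d)
    : > "$d/cert8.db"; : > "$d/key3.db"; : > "$d/secmod.db"
    : > "$d/ipsec.secrets"; chmod 644 "$d/ipsec.secrets"
    cat > "$d/secure" <<'EOF'
Dec 24 10:40:21 pross-mon01 pluto[7416]: nss directory plutomain: sql:/etc/ipsec.d
Dec 24 10:40:21 pross-mon01 pluto[7416]: NSS initialization failed (err -8174)
EOF
    echo "$d"
}

sample=$(make_sample)
check_ipsec_d "$sample" "$sample/secure" || true
rm -rf "$sample"
```

On a real host the call would be `check_ipsec_d /etc/ipsec.d /var/log/secure`; the script only reports the state it finds and does not create or convert any database.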


