[Openswan Users] Pluto Failing at Boot - Working Otherwise

Graeme Peart graemepeart at sbcglobal.net
Fri Jan 29 07:48:33 EST 2010


Hi all,

I'm using Linux Openswan U2.6.24/K2.6.31-17-generic (netkey) on Ubuntu 9.10
for a VPN server and have successfully got L2TP working with Windows 7 and
iPod Touch and NAT at both ends.  One of my last challenges is to get Pluto
to start properly at boot.  It works fine when started with
/etc/init.d/ipsec start.  Any ideas?  I couldn't find any answers googling.
I'm also curious about all those WARNINGs.

See log dump below.

Thanks

Graeme

_______________________________

 

/var/log/auth.log:Jan 28 20:07:40 Server ipsec__plutorun: Starting Pluto
subsystem...

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: Starting Pluto
(Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:1531

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: Setting NAT-Traversal
port-4500 floating to on

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:    port floating
activation criteria nat_t=1/port_float=1

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:    NAT-Traversal
support  [enabled]

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: using /dev/urandom as
source of random entropy

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: starting up 1
cryptographic helpers

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: started helper
pid=1538 (fd:7)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1538]: using /dev/urandom as
source of random entropy

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: Using Linux 2.6 IPsec
interface code on 2.6.31-17-generic (experimental code)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): WARNING: enc alg=0 not found in
constants.c:oakley_enc_names

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): WARNING: enc alg=0 not found in
constants.c:oakley_enc_names

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: ike_alg_add(): ERROR:
Algorithm already exists

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): WARNING: enc alg=0 not found in
constants.c:oakley_enc_names

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: ike_alg_add(): ERROR:
Algorithm already exists

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): WARNING: enc alg=0 not found in
constants.c:oakley_enc_names

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: ike_alg_add(): ERROR:
Algorithm already exists

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): WARNING: enc alg=0 not found in
constants.c:oakley_enc_names

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: ike_alg_add(): ERROR:
Algorithm already exists

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): WARNING: enc alg=0 not found in
constants.c:oakley_enc_names

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: ike_alg_add(): ERROR:
Algorithm already exists

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: Changed path to
directory '/etc/ipsec.d/cacerts'

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: Changed path to
directory '/etc/ipsec.d/aacerts'

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: Changed path to
directory '/etc/ipsec.d/ocspcerts'

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: Changing to directory
'/etc/ipsec.d/crls'

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:   Warning: empty
directory

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: added connection
description "L2TP-PSK-NAT"

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: added connection
description "L2TP-PSK-noNAT"

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: added connection
description "passthrough-for-non-tunnel"

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: listening for IKE
messages

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: NAT-Traversal: Trying
new style NAT-T

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: NAT-Traversal:
ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: NAT-Traversal: Trying
old style NAT-T

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: adding interface
eth0/eth0 192.168.1.62:500

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: adding interface
eth0/eth0 192.168.1.62:4500

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: adding interface lo/lo
127.0.0.1:500

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: adding interface lo/lo
127.0.0.1:4500

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: adding interface lo/lo
::1:500

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: loading secrets from
"/etc/ipsec.secrets"

 

Something seems to be causing a problem at this point

 

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]: forgetting secrets

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]:
"passthrough-for-non-tunnel": deleting connection

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]: "L2TP-PSK-noNAT":
deleting connection

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]: "L2TP-PSK-NAT":
deleting connection

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]: shutting down
interface lo/lo ::1:500

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]: shutting down
interface lo/lo 127.0.0.1:4500

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]: shutting down
interface lo/lo 127.0.0.1:500

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]: shutting down
interface eth0/eth0 192.168.1.62:4500

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]: shutting down
interface eth0/eth0 192.168.1.62:500

/var/log/auth.log:Jan 28 20:07:42 Server pluto[1531]: ADNS process
terminated by signal 15

 

/var/log/daemon.log:Jan 28 20:07:40 Server ipsec__plutorun: adjusting
ipsec.d to /etc/ipsec.d

/var/log/daemon.log:Jan 28 20:07:40 Server ipsec__plutorun: 002 added
connection description "L2TP-PSK-NAT"

/var/log/daemon.log:Jan 28 20:07:40 Server ipsec__plutorun: 002 added
connection description "L2TP-PSK-noNAT"

/var/log/daemon.log:Jan 28 20:07:40 Server ipsec__plutorun: 002 added
connection description "passthrough-for-non-tunnel"

/var/log/daemon.log:Jan 28 20:07:40 Server ipsec__plutorun: 003
NAT-Traversal: Trying new style NAT-T

/var/log/daemon.log:Jan 28 20:07:40 Server ipsec__plutorun: 003
NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4
(errno=19)

/var/log/daemon.log:Jan 28 20:07:40 Server ipsec__plutorun: 003
NAT-Traversal: Trying old style NAT-T

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2165]: Enabling IPsec
SAref processing for L2TP transport mode SAs

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2165]: IPsec SAref does
not work with L2TP kernel mode yet, enabling forceuserspace=yes

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2165]: setsockopt
recvref[22]: Protocol not available

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2165]: This binary does
not support kernel L2TP.

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2166]: xl2tpd version
xl2tpd-1.2.4 started on Server PID:2166

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2166]: Written by Mark
Spencer, Copyright (C) 1998, Adtran, Inc.

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2166]: Forked by Scott
Balmos and David Stipp, (C) 2001

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2166]: Inherited by Jeff
McAdams, (C) 2002

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2166]: Forked again by
Xelerance (www.xelerance.com) (C) 2006

/var/log/daemon.log:Jan 28 20:07:57 Server xl2tpd[2166]: Listening on IP
address 192.168.1.62, port 1701

 

/var/log/messages:Jan 28 20:07:40 Server pluto: adjusting ipsec.d to
/etc/ipsec.d

 

/var/log/syslog:Jan 28 20:07:40 Server pluto: adjusting ipsec.d to
/etc/ipsec.d

/var/log/syslog:Jan 28 20:07:40 Server ipsec__plutorun: adjusting ipsec.d to
/etc/ipsec.d

/var/log/syslog:Jan 28 20:07:40 Server ipsec__plutorun: 002 added connection
description "L2TP-PSK-NAT"

/var/log/syslog:Jan 28 20:07:40 Server ipsec__plutorun: 002 added connection
description "L2TP-PSK-noNAT"

/var/log/syslog:Jan 28 20:07:40 Server ipsec__plutorun: 002 added connection
description "passthrough-for-non-tunnel"

/var/log/syslog:Jan 28 20:07:40 Server ipsec__plutorun: 003 NAT-Traversal:
Trying new style NAT-T

/var/log/syslog:Jan 28 20:07:40 Server ipsec__plutorun: 003 NAT-Traversal:
ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)

/var/log/syslog:Jan 28 20:07:40 Server ipsec__plutorun: 003 NAT-Traversal:
Trying old style NAT-T

/var/log/syslog:Jan 28 20:07:57 Server xl2tpd[2165]: Enabling IPsec SAref
processing for L2TP transport mode SAs

/var/log/syslog:Jan 28 20:07:57 Server xl2tpd[2165]: IPsec SAref does not
work with L2TP kernel mode yet, enabling forceuserspace=yes

/var/log/syslog:Jan 28 20:07:57 Server xl2tpd[2165]: setsockopt recvref[22]:
Protocol not available

/var/log/syslog:Jan 28 20:07:57 Server xl2tpd[2165]: This binary does not
support kernel L2TP.

/var/log/syslog:Jan 28 20:07:57 Server xl2tpd[2166]: xl2tpd version
xl2tpd-1.2.4 started on Server PID:2166

/var/log/syslog:Jan 28 20:07:57 Server xl2tpd[2166]: Written by Mark
Spencer, Copyright (C) 1998, Adtran, Inc.
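
An added example, not part of the original post: a small triage script that rejoins the mail-wrapped syslog records in a dump like the one above, collects pluto's ERROR/FAILED/WARNING messages, and reports the last message logged before teardown begins. The sample input is constructed from lines in the dump, and the teardown keywords are an assumption taken from the messages shown there.

```python
import re

# Constructed sample: records copied from the dump above, same mail-wrapped shape.
SAMPLE = """\
/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]:
ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)

/var/log/auth.log:Jan 28 20:07:40 Server pluto[1531]: loading secrets from
"/etc/ipsec.secrets"

Something seems to be causing a problem at this point

/var/log/auth.log:Jan 28 20:07:41 Server pluto[1531]: forgetting secrets
"""

# file:timestamp host tag[pid]: message  (pid is optional, message may be empty)
HEAD = re.compile(r"^(/var/log/[\w.]+):(\w{3} +\d+ [\d:]{8}) (\S+) ([\w-]+)(?:\[(\d+)\])?: ?(.*)$")
# Assumption: these phrases mark the start of pluto's shutdown, as seen in the dump.
TEARDOWN = ("forgetting secrets", "deleting connection", "shutting down")
PROBLEM = re.compile(r"\b(ERROR|FAILED|WARNING)\b", re.IGNORECASE)

def unwrap(text):
    """Rejoin mail-wrapped syslog records; drop the poster's commentary lines."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = list(m.groups())
            records.append(cur)
        elif line.strip() and cur is not None:
            cur[5] = (cur[5] + " " + line.strip()).strip()  # continuation line
        else:
            cur = None  # blank line or commentary ends the record
    return [tuple(r) for r in records]

def triage(records, prog="pluto"):
    """Return (flagged messages, last message before teardown, first teardown message)."""
    flagged, last = [], None
    for _file, ts, _host, tag, _pid, msg in records:
        if tag != prog:
            continue
        if any(k in msg for k in TEARDOWN):
            return flagged, last, (ts, msg)
        if PROBLEM.search(msg):
            flagged.append(msg)
        last = (ts, msg)
    return flagged, last, None

if __name__ == "__main__":
    print(triage(unwrap(SAMPLE)))
```

Run against the full dump, this separates the repeated algorithm-registration warnings from the point where shutdown starts, which is the boundary the poster marks by hand.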

 
