[Openswan Users] More bizarre ipsec problems; service ipsec stop hangs; random hosts offline; /var/log/secure going nuts...

Greg Scott GregScott at Infrasupport.com
Thu Jul 29 04:50:37 EDT 2010


I installed Openswan-2.6.28dr7. Looks like maybe this doesn't use that
NSS database, while the RPM from Red Hat does use the NSS database.  So
my keys are messed up.  Also, the directories where the .tar.gz build
finds some of the scripts are different from the Red Hat RPM.  I can
deal with the different directories but the key problems are going to
make me crazy.  Well I guess I can deal with that too, just a pain...

[root@MN-fw1 gregs]# service ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: stop ordered, but IPsec appears to be already stopped!
ipsec_setup: doing cleanup anyway...
ipsec_setup: Starting Openswan IPsec U2.6.28dr7/K2.6.33.5-112.fc13.i686.PAE...
ipsec_setup: multiple ip addresses, using  70.91.177.201 on br0
[root@MN-fw1 gregs]# tail /var/log/secure -f
Jul 29 03:44:32 MN-fw1 pluto[5926]: adding interface lo/lo 127.0.0.1:4500
Jul 29 03:44:32 MN-fw1 pluto[5926]: adding interface lo/lo ::1:500
Jul 29 03:44:32 MN-fw1 pluto[5926]: loading secrets from "/etc/ipsec.secrets"
Jul 29 03:44:32 MN-fw1 pluto[5926]: loading secrets from "/etc/ipsec.d/hostkey.secrets"
Jul 29 03:44:32 MN-fw1 pluto[5926]: "/etc/ipsec.d/hostkey.secrets" line 14: malformed end of RSA private key -- indented '}' required
Jul 29 03:44:32 MN-fw1 pluto[5926]: "mn-hq": prepare-client output: /etc/ipsec.d/mn-updown.sh: line 5: /usr/libexec/ipsec/_updown: No such file or directory
Jul 29 03:44:32 MN-fw1 pluto[5926]: "mn-hq": route-client output: /etc/ipsec.d/mn-updown.sh: line 5: /usr/libexec/ipsec/_updown: No such file or directory
Jul 29 03:44:32 MN-fw1 pluto[5926]: "mn-hq" #1: initiating Main Mode
Jul 29 03:44:32 MN-fw1 pluto[5926]: ERROR: asynchronous network error report on br0 (sport=500) for message to 69.66.252.178 port 500, complainant 69.66.252.178: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Jul 29 03:44:32 MN-fw1 pluto[5926]: initiate on demand from 192.168.0.63:137 to 10.0.0.2:137 proto=17 state: fos_start because: acquire
Jul 29 03:44:43 MN-fw1 pluto[5926]: ERROR: asynchronous network error report on br0 (sport=500) for message to 69.66.252.178 port 500, complainant 69.66.252.178: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
^C
[root@MN-fw1 gregs]#


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Thursday, July 22, 2010 10:59 PM
To: Greg Scott
Subject: RE: [Openswan Users] More bizarre ipsec problems; service ipsec
stop hangs; random hosts offline; /var/log/secure going nuts...

Try 2.6.28dr6. It has the fix that I think might actually solve it for
you, which was not undoing that patch that I thought earlier. Please try
that one.
ftp://ftp.openswan.org/openswan/development/openswan-2.6.28dr6.tar.gz

Please do let me know as well if you confirm this fixes your issue

Paul

