[Openswan Users] need help with openswan

pual pual at myway.com
Fri Jun 4 10:47:27 EDT 2010


Hello all,

I have tried for more than 2 weeks to configure openswan, but till now without any success. Hope you can help me.

Linux = "Ubuntu 9.10" (openswan 2.6.25) <---> internet <----> Mac OS 10.6.3

I am trying to set up the connection with PSK. I have tried different configs, but this is the last one I am using:

ipsec.conf:

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        plutoopts="--perpeerlog"
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        nhelpers=0
        uniqueids=yes
        oe=off
        protostack=netkey

conn west-pual
        left=x.x.x.x
        leftprotoport=17/%any
        leftid=vpn-server
        right=%any
        rightid=@mac-pual
        rightprotoport=17/%any
        rightsubnet=vhost:%no,%priv
        authby=secret
        auto=add
        pfs=no
        type=transport

ipsec.secrets config:

x.x.x.x %any: PSK "1234"

log:
----
log when restarting ipsec:

==> /var/log/daemon.log <==
Jun  4 16:27:13 vpn-server ipsec_setup: Stopping Openswan IPsec...

==> /var/log/auth.log <==
Jun  4 16:27:14 vpn-server ipsec__plutorun: Starting Pluto subsystem...
Jun  4 16:27:14 vpn-server pluto[2973]: Starting Pluto (Openswan Version 2.6.25; Vendor ID OEC`nT{wo^XH) pid:2973
Jun  4 16:27:14 vpn-server pluto[2973]: Setting NAT-Traversal port-4500 floating to on
Jun  4 16:27:14 vpn-server pluto[2973]:    port floating activation criteria nat_t=1/port_float=1
Jun  4 16:27:14 vpn-server pluto[2973]:    NAT-Traversal support  [enabled]
Jun  4 16:27:14 vpn-server pluto[2973]: fixup for bad virtual_private entry '%4:91.200.17.23/24', please fix your virtual_private line!
Jun  4 16:27:14 vpn-server pluto[2973]: fixup for bad virtual_private entry '%4:91.200.17.23/24', please fix your virtual_private line!
Jun  4 16:27:14 vpn-server pluto[2973]: using /dev/urandom as source of random entropy
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jun  4 16:27:14 vpn-server pluto[2973]: no helpers will be started, all cryptographic operations will be done inline
Jun  4 16:27:14 vpn-server pluto[2973]: Using Linux 2.6 IPsec interface code on 2.6.31-21-server (experimental code)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_add(): ERROR: Algorithm already exists
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_add(): ERROR: Algorithm already exists
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_add(): ERROR: Algorithm already exists
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_add(): ERROR: Algorithm already exists
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_add(): ERROR: Algorithm already exists
Jun  4 16:27:14 vpn-server pluto[2973]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun  4 16:27:14 vpn-server pluto[2973]: Changed path to directory '/etc/ipsec.d/cacerts'
Jun  4 16:27:14 vpn-server pluto[2973]: Changed path to directory '/etc/ipsec.d/aacerts'
Jun  4 16:27:14 vpn-server pluto[2973]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Jun  4 16:27:14 vpn-server pluto[2973]: Changing to directory '/etc/ipsec.d/crls'
Jun  4 16:27:14 vpn-server pluto[2973]:   Warning: empty directory
Jun  4 16:27:14 vpn-server pluto[2973]: added connection description "west-pual"
Jun  4 16:27:14 vpn-server pluto[2973]: listening for IKE messages
Jun  4 16:27:14 vpn-server pluto[2973]: NAT-Traversal: Trying new style NAT-T
Jun  4 16:27:14 vpn-server pluto[2973]: NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Jun  4 16:27:14 vpn-server pluto[2973]: NAT-Traversal: Trying old style NAT-T
Jun  4 16:27:14 vpn-server pluto[2973]: adding interface eth0/eth0 x.x.x.x:500
Jun  4 16:27:14 vpn-server pluto[2973]: adding interface eth0/eth0 x.x.x.x:4500
Jun  4 16:27:14 vpn-server pluto[2973]: adding interface lo/lo 127.0.0.1:500
Jun  4 16:27:14 vpn-server pluto[2973]: adding interface lo/lo 127.0.0.1:4500
Jun  4 16:27:14 vpn-server pluto[2973]: adding interface lo/lo ::1:500
Jun  4 16:27:14 vpn-server pluto[2973]: loading secrets from "/etc/ipsec.secrets"

==> /var/log/daemon.log <==
Jun  4 16:27:14 vpn-server ipsec_setup: ...Openswan IPsec stopped
Jun  4 16:27:14 vpn-server ipsec_setup: Starting Openswan IPsec U2.6.25/K2.6.31-21-server...
Jun  4 16:27:14 vpn-server ipsec_setup: Using NETKEY(XFRM) stack
Jun  4 16:27:14 vpn-server ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jun  4 16:27:14 vpn-server ipsec_setup: ...Openswan IPsec started
Jun  4 16:27:14 vpn-server ipsec__plutorun: 002 added connection description "west-pual"
Jun  4 16:27:14 vpn-server ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
Jun  4 16:27:14 vpn-server ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Jun  4 16:27:14 vpn-server ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T

==> /var/log/kern.log <==
Jun  4 16:27:14 vpn-server kernel: [ 2341.330663] NET: Unregistered protocol family 15
Jun  4 16:27:14 vpn-server kernel: [ 2341.350129] NET: Registered protocol family 15
Jun  4 16:27:14 vpn-server kernel: [ 2341.494255] Initializing XFRM netlink socket
Jun  4 16:27:14 vpn-server kernel: [ 2341.497440] padlock: VIA PadLock not detected.
Jun  4 16:27:14 vpn-server kernel: [ 2341.523342] padlock: VIA PadLock Hash Engine not detected.
Jun  4 16:27:14 vpn-server kernel: [ 2341.575592] Intel AES-NI instructions are not detected.
Jun  4 16:27:14 vpn-server kernel: [ 2341.602313] padlock: VIA PadLock not detected.

==> /var/log/auth.log <==
Jun  4 16:28:50 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #1: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  4 16:28:53 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #2: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  4 16:28:56 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #3: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  4 16:28:59 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #4: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  4 16:28:59 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y: deleting connection "west-pual" instance with peer y.y.y.y {isakmp=#0/ipsec=#0}
Jun  4 16:30:01 vpn-server CRON[3017]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun  4 16:30:45 vpn-server CRON[3017]: pam_unix(cron:session): session closed for user root

==> /var/log/ntpdate.log <==
 4 Jun 16:30:45 ntpdate[3020]: step time server x.x.x.x offset -0.004801 sec
==========================
log on Linux when trying to bring the connection up from Mac OS:

==> /var/log/auth.log <==
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [RFC 3947] method set to=109
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [Dead Peer Detection]
Jun  4 16:27:40 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #1: responding to Main Mode from unknown peer y.y.y.y
Jun  4 16:27:40 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  4 16:27:40 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [RFC 3947] method set to=109
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun  4 16:27:43 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [Dead Peer Detection]
Jun  4 16:27:43 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #2: responding to Main Mode from unknown peer y.y.y.y
Jun  4 16:27:43 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  4 16:27:43 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #2: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [RFC 3947] method set to=109
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun  4 16:27:46 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [Dead Peer Detection]
Jun  4 16:27:46 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #3: responding to Main Mode from unknown peer y.y.y.y
Jun  4 16:27:46 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  4 16:27:46 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #3: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [RFC 3947] method set to=109
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Jun  4 16:27:49 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [Dead Peer Detection]
Jun  4 16:27:49 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #4: responding to Main Mode from unknown peer y.y.y.y
Jun  4 16:27:49 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  4 16:27:49 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #4: STATE_MAIN_R1: sent MR1, expecting MI2

==> /var/log/user.log <==
Jun  4 16:27:14 vpn-server pluto: adjusting ipsec.d to /etc/ipsec.d

As you see it is hanging on: STATE_MAIN_R1: sent MR1, expecting MI2.

Please let me know what I am doing wrong, so I can bring many thanks for your help.

Cheers,
Pual
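
Added example, not part of the original post and not Openswan code: a small Python triage that groups pluto log lines by connection and exchange number (#N) and reports which exchanges gave up after retransmissions, and in which state. The function names are hypothetical, and the sample input is a constructed subset of the log lines in the post.

```python
import re
from collections import OrderedDict

# Constructed sample: a subset of the pluto lines quoted in the post.
SAMPLE_LOG = '''\
Jun  4 16:27:40 vpn-server pluto[2973]: packet from y.y.y.y:500: received Vendor ID payload [Dead Peer Detection]
Jun  4 16:27:40 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #1: responding to Main Mode from unknown peer y.y.y.y
Jun  4 16:27:40 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  4 16:27:40 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jun  4 16:27:43 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  4 16:27:46 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  4 16:28:50 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #1: max number of retransmissions (2) reached STATE_MAIN_R1
Jun  4 16:28:53 vpn-server pluto[2973]: "west-pual"[1] y.y.y.y #2: max number of retransmissions (2) reached STATE_MAIN_R1
'''

# "conn"[instance] peer #N: message  (per-exchange lines only)
LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
TRANSITION = re.compile(r'transition from state (\S+) to state (\S+)')
TIMEOUT = re.compile(r'max number of retransmissions \((\d+)\) reached (\S+)')

def summarize(log_text):
    """Map (connection, exchange number) -> peer, last state seen, timed_out flag."""
    exchanges = OrderedDict()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # vendor-ID and startup lines carry no exchange number
        key = (m["conn"], int(m["sa"]))
        ex = exchanges.setdefault(
            key, {"peer": m["peer"], "state": None, "timed_out": False})
        moved = TRANSITION.search(m["msg"])
        if moved:
            ex["state"] = moved.group(2)
        gave_up = TIMEOUT.search(m["msg"])
        if gave_up:
            ex["state"] = gave_up.group(2)
            ex["timed_out"] = True
    return exchanges

def stalled(log_text):
    """List (connection, exchange number, state) for exchanges that timed out."""
    return [(conn, sa, ex["state"])
            for (conn, sa), ex in summarize(log_text).items() if ex["timed_out"]]

if __name__ == "__main__":
    for conn, sa, state in stalled(SAMPLE_LOG):
        print(f'{conn} #{sa}: no reply from peer, gave up in {state}')
```
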