[Openswan Users] rekey=no && cannot install eroute

Michael.Karlinsky at tieto.com Michael.Karlinsky at tieto.com
Tue Mar 16 08:56:33 EDT 2010


Hi Paul,

I double checked, rekey=no and auto=add are configured in ipsec.conf. Besides, rekey=no is visible in the log files:

Mar 15 11:04:53 ipsectest pluto[305]: "vpnk"[2] 172.30.64.140 #2: IPsec SA expired (--dontrekey)

NAT-Port did not change. I use a DLINK DI-524 as NAT device and checked the available info there. All seems OK to me.

As to the question about ipsec on the DUT: the problem is, it is 3rd party software/hardware which we are evaluating/testing, so we have limited information about the internal workings.

All I can do ATM is provide a logfile with plutodebug=all enabled, if necessary.


Michael
________________________________________
From: Paul Wouters [paul at xelerance.com]
Sent: Tuesday, March 16, 2010 3:25 AM
To: Karlinsky Michael
Cc: users at openswan.org
Subject: Re: [Openswan Users] rekey=no && cannot install eroute

On Mon, 15 Mar 2010, Michael.Karlinsky at tieto.com wrote:

> Hi Paul,
>
> after fixing two compile errors, I managed to install newest OpenSwan from git.
> But unfortunately I get the same error message, see below.
>
> The DUT is based on FreeBSD, as far as I know. Maybe I can get some more specific info.

hmm it looks like there are multiple attempts for the same connection fighting. Can
you make sure you have rekey=no and auto=add, and start the ipsec on your "DUT" once?

I am not sure why openswan is not recognising this to be the same connection. Did the
NAT port change?

Paul

