[Openswan Users] esp string error: enc_alg not found

Steve Zeng SteveZ at airg.com
Tue May 18 14:22:08 EDT 2010


I manully configured the tunnel interface and I now can ping the other peer. 

# tunl0 for openswan
DEVICE=tunl0
BOOTPROTO=static
IPADDR=169.254.255.2
NETMASK=255.255.255.252
ONBOOT=yes

Thanks Paul, I appreciate your help. 

Steve

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Steve Zeng
Sent: May 18, 2010 10:53 AM
To: Paul Wouters
Cc: users at openswan.org
Subject: Re: [Openswan Users] esp string error: enc_alg not found

It turns out that the problem is the pre-shared key. After re-create it again. Now I got one more step further. I see something like "IPsec SA established" and "ISAKMP SA established" when I run "ipsec auto --status".

000 #2: "ec2-tunnel-01":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2098s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #2: "ec2-tunnel-01" esp.91e019af at 72.21.209. esp.c948fbc8 at 209.90.164.199 tun.0 at 72.21.109.125 tun.0 at 209.90.164.199 ref=0 refhim=4294901761
000 #1: "ec2-tunnel-01":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27682s; newest ISAKMP; lastdpd=2s(seq in:17821 out:0); idle; import:admin initiate
000


>As stated numerous times now. Openswan will NOT GIVE you a tunnel interface.
I understand that openswan will not give me a tunnel interface. I am not sure if I need to create a tunnel interface as below or not. I could give it a try, though.
/etc/sysconfig/network-scripts/ifcfg-tunl0
# tunl0 for IPIP and LVS-TUN
DEVICE=tunl0
BOOTPROTO=static
IPADDR=204.92.101.25
NETMASK=255.255.255.255
ONBOOT=yes

Thanks for your hints, paul. 

Steve

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Steve Zeng
Sent: May 18, 2010 10:29 AM
To: Paul Wouters
Cc: users at openswan.org
Subject: Re: [Openswan Users] esp string error: enc_alg not found

Right. I recreated a new preshared key already. Thanks, paul. 

Steve

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: May 18, 2010 9:55 AM
To: Steve Zeng
Cc: users at openswan.org
Subject: RE: [Openswan Users] esp string error: enc_alg not found

On Tue, 18 May 2010, Steve Zeng wrote:

> Unfortunetely there is nothing I can configure on amazon side. All I got is the following instruction. So I think there maybe something missing on my side. Because I did not figured out the tunnel interface part yet. i.e. there is no tunnel interface up. or maybe I am in a dead corner?

As stated numerous times now. Openswan will NOT GIVE you a tunnel interface.

>  - Authentication Method    : Pre-Shared Key
>  - Pre-Shared Key           : jjwzQIHrPjr.ec31DU_ZGvucsE5lVikIZDZcqAkm

Anyone with access to the mailing list can now connect to that machine. I suggest
you immediately contact the remote sysadmin and change the Pre-Shared Key!!

> The Customer Gateway inside IP address should be configured on your tunnel
> interface.

That will require a leftsubnet= option on your end.

Paul
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list