[Openswan Users] Fedora with netkey and freeswan with klips

Willie Gillespie wgillespie+openswan at es2eng.com
Mon Jan 17 06:12:28 EST 2011


On 01/16/2011 02:46 AM, Bob Miller wrote:
> On Sun, 2011-01-16 at 05:54 +0000, Alex wrote:
>> Two or more interfaces found, checking IP forwarding            [FAILED]
>
> I see you have subnets in your config, that probably means you need ip
> forwarding.  But I doubt that is why you are not connecting...
>
>> Jan 15 16:01:20 fc14 ipsec__plutorun: 104 "VPN-MYNET-REMNET" #1: STATE_MAIN_I1:
>> initiate
>
> Are you are sure your boxes are talking to each other?  iptables
> blocking port 500 maybe?

+1 to Bob's advice here.
Check your packet filter for both udp port 500 and IP protocol 50 (esp), 
both ingoing and outgoing traffic.
You see the openswan box sending out an initial packet here, but it 
never logs that it gets any response.
If it's being upgraded from an old Freeswan/KLIPS than the iptables 
config may reference things like ipsec0 which won't exist in your NETKEY 
setup.

iptables -L may be helpful here.


More information about the Users mailing list