[Openswan Users] nss DH woes

Kevin Keane subscription at kkeane.com
Tue Jul 26 06:48:06 EDT 2011


Hello Avesh,

Thank you so much! The log I sent was everything that I found in /var/log/secure with plutodebug=all; the only thing I did was scramble machine names and IP addresses since that could be sensitive.

I added a report to bugzilla as #725699, but did not yet add the barf. There seems to be quite a bit of sensitive information in the barf, such as my iptables firewall configuration, my Sonicwall S/N, etc., things that I'd prefer not to have on bugzilla. Would you mind if I sent it to you by private email?

Also, when the problem actually happens, my system becomes inaccessible. I have to then turn off ipsec on the other end. So the barf does not represent the exact moment the problem occurs; I took the barf a few minutes later (with the certs causing the problem still in the database).

As for the steps I did to configure Openswan: it is the standard CentOS 5.6 Openswan RPM, openswan-2.6.21-5.el5_6.4. So other than fiddling with the configuration, I have not done anything unusual.

Come to think of it, is it possible that this is a kernel problem? This VM runs on a Rackspace VM, with a Rackspace kernel instead of a stock CentOS kernel.

> Hello Paul, Kevin,

> I can have a look at it. Kevin, can you please put a complete output of ipsec barf instead of truncated ones somewhere, maybe on bugzilla.redhat.com? Also, if you can provide the exact steps you followed to configure openswan, that would also help.

> -- 
> Thanks and Regards
> Avesh


