[Openswan Users] Win7 -> linux - no connection found

Kamil Jońca kjonca at wp.pl
Sun Mar 20 04:27:25 EDT 2011


This is my first attempt at using Openswan, and I would like to connect my Win7 laptop to
my Linux box. Unfortunately, I always get "alfa pluto[8422]: | no connection found".
I don't know if it is a version issue (Debian ships 2.6.28).
My ipsec.conf:

--8<---------------cut here---------------start------------->8---
version 2.0   

config setup
     nat_traversal=yes
     uniqueids=no
conn %default
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    keyingtries=3

conn sslvpn
    type=tunnel
    left=%defaultroute
#    leftsendcert=ifasked
    leftsubnet=192.168.1.0/24
    leftid=%defaultroute
    leftcert=/etc/ipsec.d/certs/alfa.kjonca.1.pem
    dpdaction=clear
    pfs=yes
    right=%any
    rightsubnetwithin=0.0.0.0/0
    rightsubnet=vhost:%no,%priv
    rightca=%same
    auto=add
    rekey=no
--8<---------------cut here---------------end--------------->8---


When I turn on plutodebug=all then I can see:
--8<---------------cut here---------------start------------->8---
2011-03-20T09:08:18.864823+01:00 alfa pluto[7727]: | find_host_connection2 called from ikev2parent_inI1outR1, me=85.222.105.11:500 him=213.158.217.117:4308 policy=IKEv2ALLOW
2011-03-20T09:08:18.864831+01:00 alfa pluto[7727]: | find_host_pair_conn (find_host_connection2): 85.222.105.11:500 213.158.217.117:4308 -> hp:none 
2011-03-20T09:08:18.864916+01:00 alfa pluto[7727]: | searching for connection with policy = IKEv2ALLOW
--8<---------------cut here---------------end--------------->8---
But googling for "IKEv2ALLOW" didn't return any valuable results.
And some logs:
--8<---------------cut here---------------start------------->8---
2011-03-20T09:25:02.064512+01:00 alfa pluto[11240]: Starting Pluto (Openswan Version 2.6.28; Vendor ID OEQ{O\177nez{CQ) pid:11240
2011-03-20T09:25:02.064788+01:00 alfa pluto[11240]: SAref support [disabled]: Protocol not available
2011-03-20T09:25:02.064991+01:00 alfa pluto[11240]: SAbind support [disabled]: Protocol not available
2011-03-20T09:25:02.065195+01:00 alfa pluto[11240]: Setting NAT-Traversal port-4500 floating to on
2011-03-20T09:25:02.065382+01:00 alfa pluto[11240]:    port floating activation criteria nat_t=1/port_float=1
2011-03-20T09:25:02.065601+01:00 alfa pluto[11240]:    NAT-Traversal support  [enabled]
2011-03-20T09:25:02.065799+01:00 alfa pluto[11240]: using /dev/urandom as source of random entropy
2011-03-20T09:25:02.066506+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
2011-03-20T09:25:02.066711+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
2011-03-20T09:25:02.066896+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
2011-03-20T09:25:02.067079+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
2011-03-20T09:25:02.069593+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
2011-03-20T09:25:02.069895+01:00 alfa pluto[11240]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
2011-03-20T09:25:02.070082+01:00 alfa pluto[11240]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
2011-03-20T09:25:02.070383+01:00 alfa pluto[11240]: starting up 1 cryptographic helpers
2011-03-20T09:25:02.070829+01:00 alfa pluto[11240]: started helper pid=11243 (fd:7)
2011-03-20T09:25:02.076109+01:00 alfa pluto[11240]: Kernel interface auto-pick
2011-03-20T09:25:02.076482+01:00 alfa pluto[11240]: Using Linux 2.6 IPsec interface code on 2.6.35.5+1 (experimental code)
2011-03-20T09:25:02.077103+01:00 alfa pluto[11243]: using /dev/urandom as source of random entropy
2011-03-20T09:25:02.082896+01:00 alfa ipsec__plutorun: conn: "sslvpn" warning dpd settings are ignored unless both dpdtimeout= and dpddelay= are set
2011-03-20T09:25:02.221592+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
2011-03-20T09:25:02.221618+01:00 alfa pluto[11240]: ike_alg_add(): ERROR: Algorithm already exists
2011-03-20T09:25:02.221627+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
2011-03-20T09:25:02.221635+01:00 alfa pluto[11240]: ike_alg_add(): ERROR: Algorithm already exists
2011-03-20T09:25:02.221643+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
2011-03-20T09:25:02.221651+01:00 alfa pluto[11240]: ike_alg_add(): ERROR: Algorithm already exists
2011-03-20T09:25:02.221659+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
2011-03-20T09:25:02.221667+01:00 alfa pluto[11240]: ike_alg_add(): ERROR: Algorithm already exists
2011-03-20T09:25:02.221675+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
2011-03-20T09:25:02.221683+01:00 alfa pluto[11240]: ike_alg_add(): ERROR: Algorithm already exists
2011-03-20T09:25:02.221691+01:00 alfa pluto[11240]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
2011-03-20T09:25:02.297494+01:00 alfa pluto[11240]: Changed path to directory '/etc/ipsec.d/cacerts'
2011-03-20T09:25:02.297520+01:00 alfa pluto[11240]:   loaded CA cert file 'ca-kaczka.kjonca.pem' (1245 bytes)
2011-03-20T09:25:02.297528+01:00 alfa pluto[11240]: Changed path to directory '/etc/ipsec.d/aacerts'
2011-03-20T09:25:02.297536+01:00 alfa pluto[11240]: Changed path to directory '/etc/ipsec.d/ocspcerts'
2011-03-20T09:25:02.297543+01:00 alfa pluto[11240]: Changing to directory '/etc/ipsec.d/crls'
2011-03-20T09:25:02.297550+01:00 alfa pluto[11240]:   loaded crl file 'ca-kaczka.kjonca.srl' (524 bytes)
2011-03-20T09:25:02.298112+01:00 alfa pluto[11240]: connection must specify host IP address for our side
2011-03-20T09:25:02.298128+01:00 alfa ipsec__plutorun: 022 connection must specify host IP address for our side
2011-03-20T09:25:02.298136+01:00 alfa pluto[11240]: attempt to load incomplete connection
2011-03-20T09:25:02.298143+01:00 alfa ipsec__plutorun: 037 attempt to load incomplete connection
2011-03-20T09:25:02.338391+01:00 alfa pluto[11240]: listening for IKE messages
2011-03-20T09:25:02.338416+01:00 alfa pluto[11240]: NAT-Traversal: Trying new style NAT-T
2011-03-20T09:25:02.348005+01:00 alfa pluto[11240]: NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
2011-03-20T09:25:02.348031+01:00 alfa pluto[11240]: NAT-Traversal: Trying old style NAT-T
2011-03-20T09:25:02.348039+01:00 alfa pluto[11240]: adding interface lan/lan 192.168.200.200:500
2011-03-20T09:25:02.348046+01:00 alfa pluto[11240]: adding interface lan/lan 192.168.200.200:4500
2011-03-20T09:25:02.348052+01:00 alfa pluto[11240]: adding interface acn/acn 85.222.105.11:500
2011-03-20T09:25:02.348060+01:00 alfa pluto[11240]: adding interface acn/acn 85.222.105.11:4500
2011-03-20T09:25:02.348067+01:00 alfa pluto[11240]: adding interface lo/lo 127.0.0.1:500
2011-03-20T09:25:02.348074+01:00 alfa pluto[11240]: adding interface lo/lo 127.0.0.1:4500
2011-03-20T09:25:02.348081+01:00 alfa pluto[11240]: adding interface lo/lo ::1:500
2011-03-20T09:25:02.348088+01:00 alfa pluto[11240]: loading secrets from "/etc/ipsec.secrets"
2011-03-20T09:25:02.348095+01:00 alfa pluto[11240]: no secrets filename matched "/var/lib/openswan/ipsec.secrets.in"
2011-03-20T09:25:02.350174+01:00 alfa pluto[11240]:   loaded private key file '/etc/ipsec.d/private/alfa.kjonca.1.key' (951 bytes)
2011-03-20T09:25:02.350200+01:00 alfa pluto[11240]: loaded private key for keyid: PPK_RSA:AwEAAcQni
2011-03-20T09:25:02.350207+01:00 alfa ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
2011-03-20T09:25:02.350215+01:00 alfa ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
2011-03-20T09:25:02.350223+01:00 alfa ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T
2011-03-20T09:25:02.350231+01:00 alfa ipsec__plutorun: 003 no secrets filename matched "/var/lib/openswan/ipsec.secrets.in"
--8<---------------cut here---------------end--------------->8---



-- 
http://sporothrix.wordpress.com/2011/01/16/usa-sie-krztusza-kto-nastepny/
Biology teaches that if something bit you, it is almost certain that it was a female.
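An added example, not part of the original post or of Openswan: it scans pluto syslog lines like those above for connections rejected at load time and for later lookup misses, so the two can be read side by side. The category names and the final sample line are assumptions of this example.

```python
import re

# Sample input: lines copied from the logs in the post above. The last line is
# constructed: the quoted "no connection found" message with an invented timestamp.
SAMPLE_LOG = """\
2011-03-20T09:25:02.082896+01:00 alfa ipsec__plutorun: conn: "sslvpn" warning dpd settings are ignored unless both dpdtimeout= and dpddelay= are set
2011-03-20T09:25:02.298112+01:00 alfa pluto[11240]: connection must specify host IP address for our side
2011-03-20T09:25:02.298128+01:00 alfa ipsec__plutorun: 022 connection must specify host IP address for our side
2011-03-20T09:25:02.298136+01:00 alfa pluto[11240]: attempt to load incomplete connection
2011-03-20T09:08:18.864831+01:00 alfa pluto[7727]: | find_host_pair_conn (find_host_connection2): 85.222.105.11:500 213.158.217.117:4308 -> hp:none 
2011-03-20T09:08:18.864920+01:00 alfa pluto[8422]: | no connection found
"""

LINE = re.compile(r"^(?P<ts>\S+) \S+ (?:pluto\[\d+\]|ipsec__plutorun): (?P<msg>.*)$")

# Message fragments come from the page's log; the category names are this example's own.
RULES = [
    ("conn_load_failed", re.compile(r"connection must specify host IP address|attempt to load incomplete connection")),
    ("config_warning", re.compile(r"warning dpd settings are ignored")),
    ("lookup_miss", re.compile(r"no connection found|-> hp:none")),
]

def triage(text):
    """Return {category: [(timestamp, message), ...]}, de-duplicating wrapper echoes."""
    findings = {name: [] for name, _ in RULES}
    seen = set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # ipsec__plutorun repeats pluto's messages with a 3-digit prefix ("022 ...").
        msg = re.sub(r"^\d{3} ", "", m["msg"]).lstrip("| ").strip()
        for name, pat in RULES:
            if pat.search(msg) and (name, msg) not in seen:
                seen.add((name, msg))
                findings[name].append((m["ts"], msg))
    return findings

def summarize(findings):
    if findings["conn_load_failed"] and findings["lookup_miss"]:
        return "a conn was rejected at load time; check it before debugging lookups"
    if findings["lookup_miss"]:
        return "lookups miss although no load error was logged"
    return "no lookup failures seen"

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print({name: len(hits) for name, hits in result.items()}, summarize(result))
```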


