[Openswan Users] netkey openswan Hardware Acceleration

Ozai ozai.tien at gmail.com
Thu May 24 05:47:06 EDT 2012


Sorry, re-sent it.
  ----- Original Message ----- 
  From: Ozai 
  To: users at lists.openswan.org 
  Sent: Thursday, May 24, 2012 5:44 PM
  Subject: [Openswan Users] netkey openswan Hardware Acceleration


  Dear Sirs,

  About Openswan with the netkey stack: I tried it before, but it failed.
  PC1 can ping PC2, but PC2 cannot ping PC1. I do not know which steps
  I missed. Could someone help me with this question? Thanks.
  ====================================
  <My test environment>
  PC1----------------GW1(ipsec-tool)------------------GW2(openswan)-------------PC2
  192.168.6.1        172.17.21.87                     172.17.21.80             192.168.1.100
  ================================
  <ipsec.conf >
  config setup
   interfaces=%defaultroute
   oe=off
   protostack=netkey

  conn %default
    connaddrfamily=ipv4
    keyexchange=ike
    ike=3des-md5;modp1024
    phase2alg=3des-md5;modp1024
    auth=esp
    type=tunnel
    authby=secret
    auto=start

  conn sample
    left=172.17.21.80
    leftsubnet=192.168.1.0/24
    right=172.17.21.87
    rightsubnet=192.168.6.0/24
  ==============================
  <ipsec.secrets>
  172.17.21.80 172.17.21.87 : PSK "12345"
  ========================================
  <Kernel feature>
  CONFIG_XFRM=y
  CONFIG_XFRM_USER=m
  CONFIG_XFRM_MIGRATE=y
  CONFIG_NET_KEY=y
  CONFIG_NET_KEY_MIGRATE=y
  ========================================
  <log>
  Jan  1 00:02:30 daemon err ipsec_setup: Starting Openswan IPsec U2.6.38/K2.6.30...
  Jan  1 00:02:31 daemon err ipsec_setup: Using NETKEY(XFRM) stack
  Jan  1 00:02:33 authpriv err ipsec__plutorun: Starting Pluto subsystem...
  Jan  1 00:02:33 daemon err ipsec_setup: ...Openswan IPsec started
  Jan  1 00:02:34 daemon err ipsec__plutorun: adjusting ipsec.d to /var/ipsec.d
  Jan  1 00:02:34 user warn syslog: adjusting ipsec.d to /var/ipsec.d
  Jan  1 00:02:34 authpriv warn pluto[1568]: LEAK_DETECTIVE support [disabled]
  Jan  1 00:02:34 authpriv warn pluto[1568]: OCF support for IKE [disabled]
  Jan  1 00:02:34 authpriv warn pluto[1568]: NSS support [disabled]
  Jan  1 00:02:34 authpriv warn pluto[1568]: HAVE_STATSD notification support not compiled in
  Jan  1 00:02:34 authpriv warn pluto[1568]: Setting NAT-Traversal port-4500 floating to off
  Jan  1 00:02:34 authpriv warn pluto[1568]:    port floating activation criteria nat_t=0/port_float=1
  Jan  1 00:02:34 authpriv warn pluto[1568]:    NAT-Traversal support  [disabled]
  Jan  1 00:02:34 authpriv warn pluto[1568]: using /dev/urandom as source of random entropy
  Jan  1 00:02:34 authpriv warn pluto[1568]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
  Jan  1 00:02:34 authpriv warn pluto[1568]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
  Jan  1 00:02:34 authpriv warn pluto[1568]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
  Jan  1 00:02:34 authpriv warn pluto[1568]: starting up 1 cryptographic helpers
  Jan  1 00:02:34 authpriv warn pluto[1583]: using /dev/urandom as source of random entropy
  Jan  1 00:02:34 authpriv warn pluto[1568]: started helper pid=1583 (fd:6)
  Jan  1 00:02:34 authpriv warn pluto[1568]: Using Linux 2.6 IPsec interface code on 2.6.30 (experimental code)
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
  Jan  1 00:02:36 authpriv warn pluto[1568]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
  Jan  1 00:02:37 authpriv warn pluto[1568]: Could not change to directory '/var/ipsec.d/cacerts': No such file or directory
  Jan  1 00:02:37 authpriv warn pluto[1568]: Could not change to directory '/var/ipsec.d/aacerts': No such file or directory
  Jan  1 00:02:37 authpriv warn pluto[1568]: Could not change to directory '/var/ipsec.d/ocspcerts': No such file or directory
  Jan  1 00:02:37 authpriv warn pluto[1568]: Could not change to directory '/var/ipsec.d/crls': 2 No such file or directory
  Jan  1 00:02:37 authpriv warn pluto[1568]: added connection description "sample"
  Jan  1 00:02:37 daemon err ipsec__plutorun: 002 added connection description "sample"
  Jan  1 00:02:37 authpriv warn pluto[1568]: listening for IKE messages
  Jan  1 00:02:37 authpriv warn pluto[1568]: adding interface eth0.1/eth0.1 172.17.21.80:500
  Jan  1 00:02:37 authpriv warn pluto[1568]: adding interface br0/br0 192.168.1.254:500
  Jan  1 00:02:37 authpriv warn pluto[1568]: adding interface lo/lo 127.0.0.1:500
  Jan  1 00:02:37 authpriv warn pluto[1568]: adding interface lo/lo ::1:500
  Jan  1 00:02:37 authpriv warn pluto[1568]: loading secrets from "/var/ipsec.secrets"
  Jan  1 00:02:38 authpriv warn pluto[1568]: "sample" #1: initiating Main Mode
  Jan  1 00:02:38 daemon err ipsec__plutorun: 104 "sample" #1: STATE_MAIN_I1: initiate
  Jan  1 00:02:38 authpriv warn pluto[1568]: "sample" #1: received Vendor ID payload [Dead Peer Detection]
  Jan  1 00:02:38 authpriv warn pluto[1568]: "sample" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  Jan  1 00:02:38 authpriv warn pluto[1568]: "sample" #1: STATE_MAIN_I2: sent MI2, expecting MR2
  Jan  1 00:02:39 authpriv warn pluto[1568]: "sample" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  Jan  1 00:02:39 authpriv warn pluto[1568]: "sample" #1: STATE_MAIN_I3: sent MI3, expecting MR3
  Jan  1 00:02:39 authpriv warn pluto[1568]: "sample" #1: Main mode peer ID is ID_IPV4_ADDR: '172.17.21.87'
  Jan  1 00:02:39 authpriv warn pluto[1568]: "sample" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  Jan  1 00:02:39 authpriv warn pluto[1568]: "sample" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
  Jan  1 00:02:39 authpriv warn pluto[1568]: "sample" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:eef2291d proposal=3DES(3)_192-MD5(1)_128 pfsgroup=OAKLEY_GROUP_MODP1024}
  ========================================
  <test step>
  When the WAN interface is up:
  1. Configure ipsec.conf
  2. Configure ipsec.secrets
  3. ipsec setup start


  Best Regards,
  Ozai
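
A way to check how far each SA got in a pluto log like the one posted above, as an added example that is not part of the original post: it records the last state seen per SA number and lists the SAs that have no "SA established" line. The sample lines are copied from the post; that Quick Mode completion is logged with the same "SA established" wording is an assumption.

```python
import re

# Log lines copied from the post above (syslog prefix kept as posted).
SAMPLE_LOG = """\
Jan  1 00:02:38 authpriv warn pluto[1568]: "sample" #1: initiating Main Mode
Jan  1 00:02:38 authpriv warn pluto[1568]: "sample" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jan  1 00:02:39 authpriv warn pluto[1568]: "sample" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Jan  1 00:02:39 authpriv warn pluto[1568]: "sample" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:eef2291d proposal=3DES(3)_192-MD5(1)_128 pfsgroup=OAKLEY_GROUP_MODP1024}
"""

# pluto[pid]: "connection" #sa_number: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
# A state name either starts the message or follows "to state ".
STATE = re.compile(r"(?:to state |^)(STATE_\w+)")


def track(log_text):
    """Return {(conn, sa_number): {"phase", "last", "established"}}."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # startup and helper lines carry no SA number
        key = (m["conn"], int(m["sa"]))
        sa = sas.setdefault(key, {"phase": None, "last": None, "established": False})
        msg = m["msg"]
        if msg.startswith("initiating Main Mode"):
            sa["phase"] = 1
        elif msg.startswith("initiating Quick Mode"):
            sa["phase"] = 2
        state = STATE.search(msg)
        if state:
            sa["last"] = state.group(1)
        # Assumption: Phase 2 completion uses the same "SA established" wording
        # that the post shows for Phase 1 ("ISAKMP SA established").
        if "SA established" in msg:
            sa["established"] = True
    return sas


def stalled(sas):
    """SAs that were started but have no 'SA established' line in the log."""
    return sorted(key for key, sa in sas.items() if not sa["established"])


if __name__ == "__main__":
    for key in stalled(track(SAMPLE_LOG)):
        print("no completion line for", key)
```

On the lines copied from the post, `stalled()` returns `[("sample", 2)]`: the excerpt ends at the Quick Mode initiation for #2 and contains no completion line for it.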