[Openswan Users] pluto won't talk over port 500 on very old system
Neal Murphy
neal.p.murphy at alum.wpi.edu
Fri Aug 23 04:29:32 UTC 2013
Howdy!
I've been preparing Smoothwall Express v3.1 for some time. (Linux 3.4, GCC
4.7, Openswan 2.6.38, et alia). IPSEC has been working well between newer
systems during my testing all along. Atoms, Athlons and PhenomIIs all behave
well. VPNs come up right away, no troubles. Express 3.1 still uses only the
old "ike=3des-md5" and "esp=3des-md5". (Yes, this really needs to be
modernized.)
But I just ran into a problem I don't understand. A user has a Latitude C510
(PIII-1200) that won't bring up VPN; but a marginally newer D600 (Celeron)
does work. So I finally loaded 3.1-rc2 onto a year 2000 Gateway (PIII-600).
And pluto doesn't want to talk over port 500 (ISAKMP). The same ISO installed
on a PhenomII in KVMs (32- and 64-bit) work fine. I think I can rule out bad
hardware.
I do see pluto respond with its "Huh?" packet when it receives a bogus packet
on UDP port 500. But it never acknowledges the STATE_MAIN_I1 packets it
receives, and I think it almost never sends any packets out. That is, it
doesn't 'speak the protocol'.
I *think* I see that the old Gateway does not load some of the crypto modules.
I suspect it is related to the ARCH I use to build the system, and/or how the
kernel is built. But I'm really at a loss.
Do any of you have any clues, any pointers? Ever run into something like this
before? Any thoughts as to why pluto on an old PIII would silently not
communicate over port 500, but does work well on newer CPUs?
Thanks,
Neal
More information about the Users
mailing list