[Openswan Users] OpenSWAN Install Issues

Steven Lokie steven.lokie at imemories.com
Wed Mar 27 19:00:00 UTC 2013


Hello All,

New to the users list and new to OpenSWAN, trying to get a VPN
connection working.

When I run the commands I get:
[root@vpn02 ~]# ipsec verify
Checking your system to see if IPsec got installed and started
correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan U2.6.32/K2.6.18-348.3.1.el5 (netkey)
Checking for IPsec support in kernel                        	[OK]
 SAref kernel support                                       	[N/A]
 NETKEY:  Testing for disabled ICMP send_redirects          	[OK]
NETKEY detected, testing for disabled ICMP accept_redirects 	[OK]
Checking that pluto is running                              	[OK]
 Pluto listening for IKE on udp 500                         	[OK]
 Pluto listening for NAT-T on udp 4500                      	[OK]
Two or more interfaces found, checking IP forwarding        	[OK]
Checking NAT and MASQUERADEing                              	[OK]
Checking for 'ip' command                                   	[OK]
Checking /bin/sh is not /bin/dash                           	[OK]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]

[root@vpn02 ~]# service ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.18-348.3.1.el5...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set
in /proc/sys/crypto/fips_enabled
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set
in /proc/sys/crypto/fips_enabled

The logs show this:

Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
received Vendor ID payload [RFC 3947] method set to=109 
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
to=110 
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 110
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 19 13:54:06 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:20834:
received Vendor ID payload [Dead Peer Detection]
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1:
responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1:
STATE_MAIN_R1: sent MR1, expecting MI2
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer
is NATed
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1:
STATE_MAIN_R2: sent MR2, expecting MI3
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1:
ignoring informational payload, type IPSEC_INITIAL_CONTACT
msgid=00000000
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1:
Main mode peer ID is ID_IPV4_ADDR: '10.69.xxx.xxx'
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[1] xxx.xxx.xxx.xxx #1:
switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
deleting connection "L2TP-PSK-NAT" instance with peer xxx.xxx.xxx.xxx
{isakmp=#0/ipsec=#0}
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
new NAT mapping for #1, was xxx.xxx.xxx.xxx:20834, now
xxx.xxx.xxx.xxx:51460
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 10.69.xxx.xxx/32:17/0
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2:
responding to Quick Mode proposal {msgid:51573a4a}
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2:
us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>[+S=C]:17/1701
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2:
them: xxx.xxx.xxx.xxx[10.69.xxx.xxx,+S=C]:17/61961===10.69.xxx.xxx/32
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 19 13:54:07 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Mar 19 13:54:08 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 19 13:54:08 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2:
STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0714605d
<0xe14417ad xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=xxx.xxx.xxx.xxx:51460
DPD=none}
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
received Delete SA(0x0714605d) payload: deleting IPSEC State #2
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
received and ignored informational message
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
received Delete SA payload: deleting ISAKMP State #1
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx:
deleting connection "L2TP-PSK-NAT" instance with peer xxx.xxx.xxx.xxx
{isakmp=#0/ipsec=#0}
Mar 19 13:54:28 vpn02 pluto[2208]: packet from xxx.xxx.xxx.xxx:51460:
received and ignored informational message

Any help please!
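
The log above shows both IKE phases completing and the SAs then being removed by Delete SA payloads received from the peer. As an added example (not part of the original post and not Openswan code), this Python script rejoins the mailer-wrapped pluto records and measures how long each established SA lived before the peer deleted it. The function names and the year 2013 (taken from the post date) are assumptions.

```python
import re
from datetime import datetime

YEAR = 2013  # syslog stamps omit the year; assumed from the post's date
# Lines copied from the post above, still hard-wrapped by the mailer.
SAMPLE = '''\
Mar 19 13:54:06 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Mar 19 13:54:08 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #2:
STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0714605d
<0xe14417ad xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=xxx.xxx.xxx.xxx:51460
DPD=none}
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
received Delete SA(0x0714605d) payload: deleting IPSEC State #2
Mar 19 13:54:28 vpn02 pluto[2208]: "L2TP-PSK-NAT"[2] xxx.xxx.xxx.xxx #1:
received Delete SA payload: deleting ISAKMP State #1
'''

STAMP = re.compile(r"^([A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: (.*)$")

def unwrap(text):
    """Join mailer-wrapped continuation lines back onto their syslog record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def peer_deleted_sas(text):
    """Map state number -> (SA kind, seconds between 'established' and peer Delete SA)."""
    up, ended = {}, {}
    for rec in unwrap(text):
        stamp, msg = STAMP.match(rec).groups()
        when = datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        est = re.search(r"#(\d+): STATE_\w+: .*?(ISAKMP|IPsec) SA established", msg)
        gone = re.search(r"received Delete SA.*deleting (?:ISAKMP|IPSEC) State #(\d+)", msg)
        if est:
            up[int(est.group(1))] = (est.group(2), when)
        elif gone and int(gone.group(1)) in up:
            kind, since = up.pop(int(gone.group(1)))
            ended[int(gone.group(1))] = (kind, int((when - since).total_seconds()))
    return ended

if __name__ == "__main__":
    for num, (kind, secs) in sorted(peer_deleted_sas(SAMPLE).items()):
        print(f"#{num}: {kind} SA established, deleted by peer after {secs}s")
```
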
