[Openswan Users] Connection stuck at STATE_MAIN_I1: initiate
Hajder Rabiee
hajderr at gmail.com
Wed Dec 24 14:01:56 EST 2014
Hi
As the subject says, my connection does not reach beyond the first (?)
checkpoint of
STATE_MAIN_I1
Posting a tail from syslog after initiating the 'service ipsec restart'
command.
Dec 24 19:51:08 hajder ipsec_setup: Stopping Openswan IPsec...
Dec 24 19:51:09 hajder kernel: [19268.943687] netlink: 12 bytes leftover
after parsing attributes in process `ip'.
Dec 24 19:51:09 hajder kernel: [19269.856433] NET: Unregistered protocol
family 15
Dec 24 19:51:10 hajder ipsec_setup: ...Openswan IPsec stopped
Dec 24 19:51:10 hajder ipsec_setup: Starting Openswan IPsec 2.6.37...
Dec 24 19:51:10 hajder ipsec_setup: Using KLIPS/legacy stack
Dec 24 19:51:10 hajder ipsec_setup: No KLIPS support found while requested,
desperately falling back to netkey
Dec 24 19:51:10 hajder ipsec_setup: NETKEY support found. Use
protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS.
Attempting to continue with NETKEY
Dec 24 19:51:10 hajder ipsec_setup: Using NETKEY(XFRM) stack
Dec 24 19:51:10 hajder kernel: [19270.104927] NET: Registered protocol
family 15
Dec 24 19:51:10 hajder kernel: [19270.165055] Initializing XFRM netlink
socket
Dec 24 19:51:10 hajder kernel: [19270.259102] netlink: 12 bytes leftover
after parsing attributes in process `ip'.
Dec 24 19:51:10 hajder ipsec_setup: ...Openswan IPsec started
Dec 24 19:51:10 hajder ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Dec 24 19:51:10 hajder pluto: adjusting ipsec.d to /etc/ipsec.d
Dec 24 19:51:10 hajder ipsec__plutorun: 002 added connection description
"vpn"
Dec 24 19:51:10 hajder ipsec__plutorun: 104 "vpn" #1: STATE_MAIN_I1:
initiate
My setup is the following
office firewall with ip <FWIP>.
Local host with IP 192.168.1.110, router 192.168.1.1
conn vpn
authby=secret
auto=start
type=tunnel
left=192.168.1.110
leftnexthop=192.168.1.1
right=<FWIP>
The PSK is configured in ipsec.secrets as
%any <FWIP> : PSK "key"
The VPN connection works fine from OSX by only supplying the FWIP and
shared secret.
Any ideas?
--
Med vänliga hälsningar / Best Regards
Hajder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20141224/80296b49/attachment.html>
More information about the Users
mailing list