[Openswan Users] Connection stuck at STATE_MAIN_I1: initiate

Hajder Rabiee hajderr at gmail.com
Wed Dec 24 14:01:56 EST 2014


Hi

As the subject says, my connection does not reach beyond the first (?)
checkpoint of
STATE_MAIN_I1

Posting a tail from syslog after initiating the 'service ipsec restart'
command.

Dec 24 19:51:08 hajder ipsec_setup: Stopping Openswan IPsec...
Dec 24 19:51:09 hajder kernel: [19268.943687] netlink: 12 bytes leftover
after parsing attributes in process `ip'.
Dec 24 19:51:09 hajder kernel: [19269.856433] NET: Unregistered protocol
family 15
Dec 24 19:51:10 hajder ipsec_setup: ...Openswan IPsec stopped
Dec 24 19:51:10 hajder ipsec_setup: Starting Openswan IPsec 2.6.37...
Dec 24 19:51:10 hajder ipsec_setup: Using KLIPS/legacy stack
Dec 24 19:51:10 hajder ipsec_setup: No KLIPS support found while requested,
desperately falling back to netkey
Dec 24 19:51:10 hajder ipsec_setup: NETKEY support found. Use
protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS.
Attempting to continue with NETKEY
Dec 24 19:51:10 hajder ipsec_setup: Using NETKEY(XFRM) stack
Dec 24 19:51:10 hajder kernel: [19270.104927] NET: Registered protocol
family 15
Dec 24 19:51:10 hajder kernel: [19270.165055] Initializing XFRM netlink
socket
Dec 24 19:51:10 hajder kernel: [19270.259102] netlink: 12 bytes leftover
after parsing attributes in process `ip'.
Dec 24 19:51:10 hajder ipsec_setup: ...Openswan IPsec started
Dec 24 19:51:10 hajder ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Dec 24 19:51:10 hajder pluto: adjusting ipsec.d to /etc/ipsec.d
Dec 24 19:51:10 hajder ipsec__plutorun: 002 added connection description
"vpn"
Dec 24 19:51:10 hajder ipsec__plutorun: 104 "vpn" #1: STATE_MAIN_I1:
initiate

My setup is the following

office firewall with ip <FWIP>.
Local host with IP 192.168.1.110, router 192.168.1.1

conn vpn
        authby=secret
        auto=start
        type=tunnel
        left=192.168.1.110
        leftnexthop=192.168.1.1
        right=<FWIP>

The PSK is configured in ipsec.secrets as
%any <FWIP> : PSK "key"


The VPN connection works fine from OSX by only supplying the FWIP and
shared secret.

Any ideas?


-- 
Med vänliga hälsningar / Best Regards
Hajder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20141224/80296b49/attachment.html>


More information about the Users mailing list