[Openswan Users] Problem with newly rebuilt Centos box and open Swan

Bart Smink bartsmink at gmail.com
Wed Feb 19 09:24:19 EST 2014


Hello Sean,

Could you send the config files of Libreswan? It seems to be a problem with
DDNS. Are you using that on your server for a dynamic WAN IP address?

You're using libreswan, not Openswan, its a newer fork of Openswan and has
a different mailing list. Don't know whether you'll get much response here.

Greetings,

Bart

On Wednesday, February 19, 2014, Sean Smith <ssmith at nanb.nb.ca> wrote:

> Hi all. I recently have been rebuilding a new Centos serer to replace an
> existing one.
>
> I use this server as a backup device and then push my backups to a remote
> spot via and IPSec VPN tunnel.
>
>
>
> It has been working. However, my newly built box using the same
> configuration file will not connect.
>
>
>
> My IPSec verify is below.
>
> -------
>
> Verifying installed system and configuration files
>
> Version check and ipsec on-path                       [OK]
> Libreswan 3.7 (netkey) on 3.12.7-200.fc19.x86_64
> Checking for IPsec support in kernel                  [OK]
>  NETKEY: Testing XFRM related proc values
>          ICMP default/send_redirects                  [OK]
>          ICMP default/accept_redirects                [OK]
>          XFRM larval drop                             [OK]
> Pluto ipsec.conf syntax                               [OK]
> Hardware random device                                [N/A]
> Two or more interfaces found, checking IP forwarding    [OK]
> Checking rp_filter                                    [OK]
> Checking that pluto is running                        [OK]
>  Pluto listening for IKE on udp 500                   [OK]
>  Pluto listening for IKE/NAT-T on udp 4500            [OK]
>  Pluto ipsec.secret syntax                            [OK]
> Checking NAT and MASQUERADEing                        [TEST INCOMPLETE]
> Checking 'ip' command                                 [OK]
> Checking 'iptables' command                           [OK]
> Checking 'prelink' command does not interfere with FIPS    [PRESENT]
> Checking for obsolete ipsec.conf options              [OK]
> Opportunistic Encryption                              [DISABLED]
> --------
>
>
>
> Also, in the secure and messages files I can see that Phase 1 completes,
> but it seems to get stuck on EVENT_PENDING_DDNS. It does queue up
> EVENT_PENDING_PHASE2 but never gets by the DDNS.
>
>
>
> Any suggestions are greatl appreciated.
>
>
>
> Feb 19 09:45:31 localhost pluto[8835]: | * processed 0 messages from
> cryptographic helpers
> Feb 19 09:45:31 localhost pluto[8835]: | next event EVENT_PENDING_DDNS in
> 59 seconds
> Feb 19 09:45:31 localhost pluto[8835]: | next event EVENT_PENDING_DDNS in
> 59 seconds
> Feb 19 09:45:31 localhost pluto[8835]: |
> Feb 19 09:45:31 localhost pluto[8835]: | *received whack message
> Feb 19 09:45:31 localhost pluto[8835]: initiating all conns with
> alias='aliantVPN'
> Feb 19 09:45:31 localhost pluto[8835]: | * processed 0 messages from
> cryptographic helpers
> Feb 19 09:45:31 localhost pluto[8835]: | next event EVENT_PENDING_DDNS in
> 59 seconds
> Feb 19 09:45:31 localhost pluto[8835]: | next event EVENT_PENDING_DDNS in
> 59 seconds
> Feb 19 09:45:31 localhost pluto[8835]: | reaped addconn helper child
>


-- 
**** DISCLAIMER ****

"This e-mail and any attachment thereto may contain information which is
confidential and/or protected by intellectual property rights and are
intended for the sole use of the recipient(s) named above.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form)
by other persons than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender either
by telephone or by e-mail and delete the material from any computer".

Thank you for your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20140219/cc8ad3b9/attachment.html>


More information about the Users mailing list