[Openswan Users] Problem with newly rebuilt Centos box and open Swan

Bart Smink bartsmink at gmail.com
Wed Feb 19 10:25:08 EST 2014


It indeed doesn't have anything to do with DDNS, why they name it that way
I don't know. I found this:
http://www.archivum.info/users@openswan.org/2009-07/00161/%28Openswan-Users%29-Problem-with-ipsec-connection.html

There it was a NAT problem. You can try the forceencaps=yes option.

I would recommend using Libreswan, it is more actively being developed at
the moment. The older version has a vulnerability that has been resolved in
the newest version of Libreswan. The test incomplete message is normal, I
get that as well.

Greetings,

Bart


2014-02-19 15:35 GMT+01:00 Sean Smith <ssmith at nanb.nb.ca>:

> No ... I am not using DDNS.
>
> Do you think I should continue down the libreswan path or try and use the
> same version of openSwan I had been successful with?
>
> I can send the configuration file for openSwan ... I have not touched any
> libreswan config files. I am going to go have a read about libreswan now.
>
> I was also concerned with the NAT problem during verify but had no luck
> searching the net on this.
>
> Checking NAT and MASQUERADEing                        [TEST INCOMPLETE]
>
> *From:* Bart Smink [mailto:bartsmink at gmail.com]
> *Sent:* February-19-14 10:24 AM
> *To:* Sean Smith
> *Cc:* users at lists.openswan.org
> *Subject:* Re: [Openswan Users] Problem with newly rebuilt Centos box and
> open Swan
>
> Hello Sean,
>
> Could you send the config files of Libreswan? It seems to be a problem
> with DDNS. Are you using that on your server for a dynamic WAN IP address?
>
> You're using libreswan, not Openswan, it's a newer fork of Openswan and has
> a different mailing list. Don't know whether you'll get much response here.
>
> Greetings,
>
> Bart
>
> On Wednesday, February 19, 2014, Sean Smith <ssmith at nanb.nb.ca> wrote:
>
> Hi all. I recently have been rebuilding a new Centos server to replace an
> existing one.
>
> I use this server as a backup device and then push my backups to a remote
> spot via an IPSec VPN tunnel.
>
> It has been working. However, my newly built box using the same
> configuration file will not connect.
>
> My IPSec verify is below.
>
> -------
>
> Verifying installed system and configuration files
>
> Version check and ipsec on-path                       [OK]
> Libreswan 3.7 (netkey) on 3.12.7-200.fc19.x86_64
> Checking for IPsec support in kernel                  [OK]
>  NETKEY: Testing XFRM related proc values
>          ICMP default/send_redirects                  [OK]
>          ICMP default/accept_redirects                [OK]
>          XFRM larval drop                             [OK]
> Pluto ipsec.conf syntax                               [OK]
> Hardware random device                                [N/A]
> Two or more interfaces found, checking IP forwarding    [OK]
> Checking rp_filter                                    [OK]
> Checking that pluto is running                        [OK]
>  Pluto listening for IKE on udp 500                   [OK]
>  Pluto listening for IKE/NAT-T on udp 4500            [OK]
>  Pluto ipsec.secret syntax                            [OK]
> Checking NAT and MASQUERADEing                        [TEST INCOMPLETE]
> Checking 'ip' command                                 [OK]
> Checking 'iptables' command                           [OK]
> Checking 'prelink' command does not interfere with FIPS    [PRESENT]
> Checking for obsolete ipsec.conf options              [OK]
> Opportunistic Encryption                              [DISABLED]
> --------
>
> Also, in the secure and messages files I can see that Phase 1 completes,
> but it seems to get stuck on EVENT_PENDING_DDNS. It does queue up
> EVENT_PENDING_PHASE2 but never gets by the DDNS.
>
> Any suggestions are greatly appreciated.
>
> Feb 19 09:45:31 localhost pluto[8835]: | * processed 0 messages from cryptographic helpers
> Feb 19 09:45:31 localhost pluto[8835]: | next event EVENT_PENDING_DDNS in 59 seconds
> Feb 19 09:45:31 localhost pluto[8835]: | next event EVENT_PENDING_DDNS in 59 seconds
> Feb 19 09:45:31 localhost pluto[8835]: |
> Feb 19 09:45:31 localhost pluto[8835]: | *received whack message
> Feb 19 09:45:31 localhost pluto[8835]: initiating all conns with alias='aliantVPN'
> Feb 19 09:45:31 localhost pluto[8835]: | * processed 0 messages from cryptographic helpers
> Feb 19 09:45:31 localhost pluto[8835]: | next event EVENT_PENDING_DDNS in 59 seconds
> Feb 19 09:45:31 localhost pluto[8835]: | next event EVENT_PENDING_DDNS in 59 seconds
> Feb 19 09:45:31 localhost pluto[8835]: | reaped addconn helper child
>
> --
> **** DISCLAIMER ****
>
> "This e-mail and any attachment thereto may contain information which is
> confidential and/or protected by intellectual property rights and are
> intended for the sole use of the recipient(s) named above.
> Any use of the information contained herein (including, but not limited
> to, total or partial reproduction, communication or distribution in any
> form) by other persons than the designated recipient(s) is prohibited.
> If you have received this e-mail in error, please notify the sender either
> by telephone or by e-mail and delete the material from any computer".
>
> Thank you for your cooperation.
>


