LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Openswan Configuration
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-27-2004, 03:39 PM   #1
neptunus
LQ Newbie
 
Registered: Sep 2004
Posts: 7

Rep: Reputation: 0
Openswan Configuration

Hi,

I'm currently trying to connect my windows notebook via ipsec to my debian-pc through my wlan.

Unfortunately my configuration is not working.

In the file /var/log/auth.log of my debian-pc I can read the following error-message:
Code:
Sep 27 17:58:56 debian pluto[6218]: "testconnection"[1] 192.168.1.2 #2: ERROR: netlink response for Add SA esp.edc9005a@192.168.1.1 included errno 2: No such file or directory
I really don't know what I can do against this error.

This is the ipsec.conf of my debian-pc:
Code:
version 2.0

config setup

conn testconnection
        auto=add
        authby=secret
        left=%any
        right=192.168.1.1
        pfs=yes
        keyingtries=0

conn testconnection-net
        auto=add
        authby=secret
        left=%any

        right=192.168.1.1
        rightsubnet=10.0.0.0/8
        rightnexthop=10.0.0.3

        pfs=yes
        keyingtries=0

include /etc/ipsec.d/examples/no_oe.conf
This is the config-file of my windows-notebook:
Code:
conn testconnection
   left=%any
   right=192.168.1.1
   
   presharedkey="password"
   auto=start
   pfs=yes

conn testconnection-net
   left=%any
   right=192.168.1.1
   rightsubnet=10.0.0.0/8
   rightnexthop=10.0.0.3
   presharedkey="password"
   auto=start
   pfs=yes
And here the ipsec-relevant entries of /var/log/auth.log:
Code:
Sep 27 17:58:24 debian ipsec__plutorun: Starting Pluto subsystem...
Sep 27 17:58:24 debian pluto[6218]: Starting Pluto (Openswan Version 2.1.3 X.509-1.4.8-1 PLUTO_USES_KEYRR)
Sep 27 17:58:24 debian pluto[6218]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Sep 27 17:58:24 debian pluto[6218]: Using Linux 2.6 IPsec interface code
Sep 27 17:58:25 debian pluto[6218]: Changing to directory '/etc/ipsec.d/cacerts'
Sep 27 17:58:25 debian pluto[6218]:   Warning: empty directory
Sep 27 17:58:25 debian pluto[6218]: Changing to directory '/etc/ipsec.d/crls'
Sep 27 17:58:25 debian pluto[6218]:   Warning: empty directory
Sep 27 17:58:27 debian pluto[6218]: added connection description "testconnection-net"
Sep 27 17:58:28 debian pluto[6218]: added connection description "testconnection"
Sep 27 17:58:29 debian pluto[6218]: listening for IKE messages
Sep 27 17:58:29 debian pluto[6218]: adding interface wlan0/wlan0 192.168.1.1
Sep 27 17:58:29 debian pluto[6218]: adding interface eth0/eth0 10.0.0.11
Sep 27 17:58:29 debian pluto[6218]: adding interface lo/lo 127.0.0.1
Sep 27 17:58:29 debian pluto[6218]: loading secrets from "/etc/ipsec.secrets"
Sep 27 17:58:55 debian pluto[6218]: packet from 192.168.1.2:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000002]
Sep 27 17:58:55 debian pluto[6218]: packet from 192.168.1.2:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 27 17:58:55 debian pluto[6218]: packet from 192.168.1.2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 0
Sep 27 17:58:55 debian pluto[6218]: "testconnection-net"[1] 192.168.1.2 #1: responding to Main Mode from unknown peer 192.168.1.2
Sep 27 17:58:55 debian pluto[6218]: "testconnection-net"[1] 192.168.1.2 #1: transition from state (null) to state STATE_MAIN_R1
Sep 27 17:58:56 debian pluto[6218]: "testconnection-net"[1] 192.168.1.2 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 27 17:58:56 debian pluto[6218]: "testconnection-net"[1] 192.168.1.2 #1: Peer ID is ID_IPV4_ADDR: '192.168.1.2'
Sep 27 17:58:56 debian pluto[6218]: "testconnection-net"[1] 192.168.1.2 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 27 17:58:56 debian pluto[6218]: "testconnection-net"[1] 192.168.1.2 #1: sent MR3, ISAKMP SA established
Sep 27 17:58:56 debian pluto[6218]: "testconnection"[1] 192.168.1.2 #2: responding to Quick Mode
Sep 27 17:58:56 debian pluto[6218]: "testconnection"[1] 192.168.1.2 #2: ERROR: netlink response for Add SA esp.edc9005a@192.168.1.1 included errno 2: No such file or directory
Sep 27 17:58:56 debian pluto[6218]: "testconnection"[1] 192.168.1.2: deleting connection "testconnection" instance with peer 192.168.1.2 {isakmp=#0/ipsec=#0}
Sep 27 17:58:57 debian pluto[6218]: "testconnection-net"[1] 192.168.1.2 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x0881c6d3 (perhaps this is a duplicated packet)
Sep 27 17:59:27 debian last message repeated 4 times
I have absolutely no plan how to bring it to work proberly, so it would be nice if somebody could help me.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
openswan debug Circuit Monkey Linux - Networking 1 06-17-2010 06:15 AM
openswan 2.1.1 Giovanni26 Linux - Security 5 01-07-2010 11:44 AM
Openswan Evgeny Linux - Security 4 01-07-2010 11:43 AM
openswan Circuit Monkey Linux - Newbie 1 03-22-2005 02:30 PM
Openswan Evgeny Linux - Security 3 03-05-2005 03:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:06 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration