
Re: [Users] freeswan configuration issue (at least i hope so)

From: Sam Sgro <sam(at)freeswan.org>
Date: Thu Feb 13 2003 - 16:38:13 EST


On Thu, 13 Feb 2003, Florian Maier wrote:

> Feb 13 16:34:45 s15113721 pluto[750]: | ***parse ISAKMP Security Association Payload:
> Feb 13 16:34:45 s15113721 pluto[750]: | next payload type: ISAKMP_NEXT_NONE
> Feb 13 16:34:45 s15113721 pluto[750]: | length: 148
> Feb 13 16:34:45 s15113721 pluto[750]: | DOI: ISAKMP_DOI_IPSEC
> Feb 13 16:34:45 s15113721 pluto[750]: packet from 62.157.124.243:500: initial Main Mode message received on 217.160.143.112:500 but no connection has been authorized
> Feb 13 16:34:45 s15113721 pluto[750]: | next event EVENT_SHUNT_SCAN in 68 seconds

I think you've got all the debugging options on, thus you cannot see the forest for the trees. :)

Taking a look through your barf, the problem is that the connection is never added to Pluto's database. (You can see this in the output, or lack thereof, of "ipsec auto --status".) Digging through /var/log/secure, you see this error:

Feb 13 16:11:51 s15113721 ipsec__plutorun: ipsec_auto: fatal error in "dts-schlund": %defaultroute requested but not known

Here is the connection:

conn dts-schlund
        type=tunnel
        keylife=1h
        rekey=yes
        ikelifetime=8h
        left=217.160.143.112
        #leftsubnet=192.168.101.0/24
        leftnexthop=%defaultroute
        right=62.157.124.243
        leftsubnet=192.168.101.0/24
        rightnexthop=%defaultroute
        keyexchange=ike
        auth=esp
        pfs=no
        # authorize and start with the service
        auto=start

You refer to %defaultroute for your values of nexthop: however, you're not using interfaces=%defaultroute!


config setup
        interfaces="ipsec0=eth0"

Looking at your barf, you do have a default gateway as you're a single host. So, change this to "interfaces=%defaultroute" and you should be fine. Until the next error, at least. :)

-- Sam Sgro sam@freeswan.org




Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Received on Thu Feb 13 17:47:10 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:00:15 EDT
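
The mismatch diagnosed in the message above, as an added example that is not part of the original post or of FreeS/WAN itself: a small Python lint that reports every conn asking for %defaultroute while "config setup" does not set interfaces=%defaultroute. It goes beyond the nexthop case in the message by also checking left=/right= and values inherited from "conn %default"; the function names are hypothetical, and skipping blank lines is a leniency of this parser, not a statement about the real one.

```python
MAGIC = "%defaultroute"
KEYS = ("left", "right", "leftnexthop", "rightnexthop")

def parse_sections(text):
    """Map (type, name) -> {param: value} for 'config setup' and 'conn NAME'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue                              # blank lines skipped (lenient)
        if not raw[0].isspace():                  # column 0 opens a section
            parts = line.split()
            name = parts[1] if len(parts) > 1 else ""
            current = sections.setdefault((parts[0], name), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def check_defaultroute(text):
    """Return (conn, param) pairs that ask for %defaultroute although
    'config setup' does not set interfaces=%defaultroute."""
    sections = parse_sections(text)
    if sections.get(("config", "setup"), {}).get("interfaces") == MAGIC:
        return []
    defaults = sections.get(("conn", "%default"), {})
    findings = []
    for (kind, name), params in sections.items():
        if kind != "conn" or name == "%default":
            continue
        merged = {**defaults, **params}           # conn %default is inherited
        findings += [(name, k) for k in KEYS if merged.get(k) == MAGIC]
    return findings

# Sample trimmed from the configuration quoted in the message above.
SAMPLE = """\
config setup
        interfaces="ipsec0=eth0"

conn dts-schlund
        left=217.160.143.112
        leftnexthop=%defaultroute
        right=62.157.124.243
        rightnexthop=%defaultroute
        auto=start
"""

if __name__ == "__main__":
    for conn, param in check_defaultroute(SAMPLE):
        print(f'conn "{conn}": {param}={MAGIC} but interfaces is not {MAGIC}')
```

Running such a check before loading connections surfaces the problem without having to dig the "fatal error" line out of /var/log/secure.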

