[Swan] Need debugging pointer between libreswan and ASA5550
Philippe Vouters
philippe.vouters at laposte.net
Fri Mar 8 13:34:30 EET 2013
To add to Paul's remark, I am not quite sure whether oe=off is indeed
correct. I would rather set it to oe=no.
Regards,
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org
On 08/03/2013 03:16, Paul Wouters wrote:
> On Thu, 7 Mar 2013, T.J. Yang wrote:
>
>> I am testing if an existing openswan connection between centos6.3 and
>> Cisco ASA5550 can be switched to libreswan.
>> ASA550 has logging send centos 6 rsyslog server. Same left
>> machine(x.x.x.5) using openswan can make connection ok.
>> And it logged the successful IPSec connection in the rsyslog file.
>>
>> But once I switched over to libreswan using same config file, I got
>> very little error message from /var/log/ipsec.log about the
>> connection centos-asa.o
>> And on ASA side there is no attempt of connection shown.
>>
>>
>>
>> /etc/ipsec.conf
>> version 2.0
>> config setup
>>     plutodebug="control parsing"
>>     dumpdir=/var/run/pluto/
>>     nat_traversal=yes
>>     #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
>>
>>     oe=off
>>     protostack=netkey
>>     plutostderrlog=/var/log/ipsec.log
>
> Remove that empty line above oe=off because now your last three lines
> are not being read as part of "config setup"
>
>> Can someone provide me the debugging pointers?
>> I feel like the "conn centos-asa" part was not loaded in
>> /etc/ipsec.conf at all
>
> If you do: ipsec auto --add centos-asa you would see any error that
> caused the connection to fail to load.
>
> Paul
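The empty-line problem pointed out in Paul's reply can be checked for mechanically before loading a connection. The Python sketch below is an added example, not part of the original thread or of libreswan. It assumes the rule as stated in that reply (an empty line ends the section, so indented parameters after it are no longer read as part of it), treats comment lines as neutral, and runs on a constructed sample config whose `conn centos-asa` body is hypothetical.

```python
"""Flag ipsec.conf parameters cut off from their section by an empty line."""

# Constructed sample modelled on the config quoted in the thread;
# the body of "conn centos-asa" is hypothetical.
SAMPLE = """\
version 2.0
config setup
    plutodebug="control parsing"
    nat_traversal=yes

    oe=off
    protostack=netkey
    plutostderrlog=/var/log/ipsec.log
conn centos-asa
    auto=add
"""


def find_orphaned_params(text):
    """Return (line_no, section, param) for indented key=value lines that
    follow an empty line inside a section."""
    findings = []
    section = None   # header of the section currently being read
    broken = False   # True once an empty line has ended that section
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip():
            if section is not None:
                broken = True
            continue
        if line.lstrip().startswith("#"):
            continue  # assumption: comment lines neither end nor extend a section
        if not raw[0].isspace():
            # Column-0 line: a new section header, or a directive such as "version 2.0".
            words = line.split()
            section = line if words[0] in ("config", "conn") else None
            broken = False
            continue
        if broken and section is not None and "=" in line:
            findings.append((no, section, line.strip()))
    return findings


if __name__ == "__main__":
    for no, section, param in find_orphaned_params(SAMPLE):
        print(f"line {no}: '{param}' is separated from '{section}' by an empty line")
```
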