[Swan] Need debugging pointer between libreswan and ASA5550

Philippe Vouters philippe.vouters at laposte.net
Fri Mar 8 13:34:30 EET 2013


To add to Paul's remark, I am not quite sure whether oe=off is indeed 
correct. I would rather set it to oe=no.

Regards,

Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org

On 08/03/2013 03:16, Paul Wouters wrote:
> On Thu, 7 Mar 2013, T.J. Yang wrote:
>
>> I am testing if an existing openswan connection between centos6.3 and 
>> Cisco ASA5550 can be switched to libreswan.
>> ASA550 has logging sent to a centos 6 rsyslog server. The same left 
>> machine (x.x.x.5) using openswan can make the connection OK.
>> And it logged the successful IPSec connection in the rsyslog file.
>>
>> But once I switched over to libreswan using the same config file, I got 
>> very few error messages from /var/log/ipsec.log about the
>> connection centos-asa.o
>> And on the ASA side there is no connection attempt shown.
>>
>>
>>
>> /etc/ipsec.conf
>> version 2.0
>> config setup
>>         plutodebug="control parsing"
>>         dumpdir=/var/run/pluto/
>>         nat_traversal=yes
>> #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
>>
>>         oe=off
>>         protostack=netkey
>>         plutostderrlog=/var/log/ipsec.log
>
> Remove that empty line above oe=off because now your last three lines
> are not being read as part of "config setup"
>
>> Can someone provide me the debugging pointers?
>> I feel like the "conn centos-asa" part was not loaded in 
>> /etc/ipsec.conf at all
>
> If you do: ipsec auto --add centos-asa you would see any error that
> caused the connection to fail to load.
>
> Paul
>
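
Added example (not part of the original messages and not libreswan code): a small checker for the pitfall Paul describes, where a blank line inside a section means the indented lines after it are no longer read as part of that section. The function name, the sample file (built from the config quoted above plus a constructed `conn` body) and the treatment of comment lines are assumptions.

```python
import re

# Section headers start in column 0: "config setup" or "conn <name>".
SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)")

def find_orphaned_params(text):
    """Return (line_no, section, parameter) for every indented parameter that
    follows a blank line which closed the named section."""
    findings = []
    section = None    # section currently open
    closed = None     # section most recently closed by a blank line
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            if section:
                section, closed = None, section
            continue
        if raw.lstrip().startswith("#"):
            continue  # assumption: full-line comments do not close a section
        m = SECTION_RE.match(raw)
        if m:
            section, closed = f"{m.group(1)} {m.group(2)}", None
        elif raw[0] in " \t":
            if section is None and closed:
                findings.append((no, closed, raw.strip()))
        else:
            section = closed = None  # other column-0 line, e.g. "version 2.0"
    return findings

# Constructed sample: the thread's "config setup" with its blank line, plus a
# placeholder conn body (192.0.2.5 is a documentation address).
SAMPLE = """\
version 2.0
config setup
        plutodebug="control parsing"
        nat_traversal=yes
#virtual_private=%v4:10.0.0.0/8

        oe=off
        protostack=netkey
        plutostderrlog=/var/log/ipsec.log

conn centos-asa
        left=192.0.2.5
"""

if __name__ == "__main__":
    for no, sect, param in find_orphaned_params(SAMPLE):
        print(f"line {no}: '{param}' is cut off from '{sect}' by a blank line")
```
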


