[Swan] 3.1 rpm package

Nick Howitt n1ck.h0w1tt at gmail.com
Sat Mar 16 23:12:37 EET 2013


Paul,

"ipsec auto --replace MumIn" gives:
Mar 16 11:40:29 server pluto[10870]: "MumIn": deleting connection
Mar 16 11:40:29 server pluto[10870]: added connection description "MumIn"
Bringing the conn up is irrelevant as right=%any. This is from earlier. 
I will try later (tomorrow?) with a lower case conn. Will it help if I 
do something like set plutodebug=controlmore?

Is the SELinux bit relevant as the identical set of files works with 
Openswan? Again I can try later by bringing the conn into /etc/ipsec.conf.

Regards,

Nick

On 16/03/2013 19:00, Paul Wouters wrote:
>
> On Sat, 16 Mar 2013, Nick Howitt wrote:
>
>> I have installed it and with identical configs to openswan all I get 
>> in my logs is:
>> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500: received Vendor ID payload [Dead Peer Detection]
>> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500: received Vendor ID payload [RFC 3947]
>> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
>> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
>> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
>> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500: initial Main Mode message received on 82.19.147.85:500 but no connection has been authorized with policy=PSK
>
> Did your connection load at all?
>
>> # Tunnels defined in separate files
>> #----------------------------------
>>
>> include /etc/ipsec.d/ipsec.*.conf
>
> Note older SELinux policies broke using include files. If you don't have
> the latest SELinux policy package, and SELinux is running in enforcing
> mode, this might cause your include files to not be used.
>
>> One of the sub files, /etc/ipsec.d/ipsec.unmanaged.MumIn.conf, is:
>> conn MumIn
>
> What's the output of: ipsec auto --add MumIn and: ipsec auto --up MumIn
>
> Paul
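
Whether the connection loaded at all, and whether the include files were used, can be checked by comparing the conn names reachable through the include line with the add/delete messages pluto logs. This is an added example, not code from the thread or from the pluto source; the function names, the sample file tree and the second conn "Other" are constructed, and relative include patterns are assumed to resolve against the including file's directory.

```python
import glob, os, pathlib, re, tempfile

CONN_RE = re.compile(r'^conn\s+(\S+)')
INCLUDE_RE = re.compile(r'^include\s+(\S+)')
# Message formats copied from the pluto log lines quoted in this thread.
ADDED_RE = re.compile(r'pluto\[\d+\]: added connection description "([^"]+)"')
DELETED_RE = re.compile(r'pluto\[\d+\]: "([^"]+)": deleting connection')

def defined_conns(conf_path):
    """Map conn name -> defining file, following include globs."""
    conns = {}
    with open(conf_path) as fh:
        for line in fh:
            inc, conn = INCLUDE_RE.match(line), CONN_RE.match(line)
            if inc:
                # Assumption: relative patterns resolve against this file's dir.
                pattern = os.path.join(os.path.dirname(conf_path), inc.group(1))
                for path in sorted(glob.glob(pattern)):
                    conns.update(defined_conns(path))
            elif conn and conn.group(1) != '%default':
                conns[conn.group(1)] = conf_path
    return conns

def loaded_conns(log_lines):
    """Replay add/delete messages in order; return conns loaded at the end."""
    loaded = set()
    for line in log_lines:
        added, deleted = ADDED_RE.search(line), DELETED_RE.search(line)
        if added:
            loaded.add(added.group(1))
        elif deleted:
            loaded.discard(deleted.group(1))
    return loaded

def missing_conns(conf_path, log_lines):
    """Conns the config tree defines that the log does not show as loaded."""
    loaded = loaded_conns(log_lines)
    return {n: f for n, f in defined_conns(conf_path).items() if n not in loaded}

def demo():
    """Constructed sample tree and log: MumIn is loaded, Other is not."""
    log = ['Mar 16 11:40:29 server pluto[10870]: "MumIn": deleting connection',
           'Mar 16 11:40:29 server pluto[10870]: added connection description "MumIn"']
    with tempfile.TemporaryDirectory() as d:
        pathlib.Path(d, 'ipsec.d').mkdir()
        for rel, body in (('ipsec.conf', 'include ipsec.d/ipsec.*.conf\n'),
                          ('ipsec.d/ipsec.unmanaged.MumIn.conf', 'conn MumIn\n'),
                          ('ipsec.d/ipsec.unmanaged.Other.conf', 'conn Other\n')):
            pathlib.Path(d, rel).write_text(body)
        return sorted(missing_conns(os.path.join(d, 'ipsec.conf'), log))
```

A conn without auto=add or auto=start is also reported as missing, since pluto does not load such a conn at startup. The log passed in has to start at pluto's startup for the replay to reflect the current state.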


