[Swan] 3.1 rpm package

Nick Howitt n1ck.h0w1tt at gmail.com
Wed Mar 20 17:06:33 EET 2013


Paul,

I replied to this on Sunday but it had a nearly 2MB attachment from 
plutodebug so it is waiting for moderator approval, but you should have 
received a direct copy. Have you received your copy?

If I remove all the:
Mar 17 14:41:45 server pluto[32128]: | *received whack message
Mar 17 14:41:45 server pluto[32128]: | kernel_alg_esp_enc_ok(12,0): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Mar 17 14:41:45 server pluto[32128]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
Mar 17 14:41:45 server pluto[32128]: | kernel_alg_esp_enc_ok(12,0): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Mar 17 14:41:45 server pluto[32128]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
Mar 17 14:41:45 server pluto[32128]: | kernel_alg_esp_enc_ok(12,0): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Mar 17 14:41:45 server pluto[32128]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
Mar 17 14:41:45 server pluto[32128]: | kernel_alg_esp_enc_ok(12,0): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Mar 17 14:41:45 server pluto[32128]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
Mar 17 14:41:45 server pluto[32128]: | * processed 0 messages from cryptographic helpers
Mar 17 14:41:45 server pluto[32128]: | next event EVENT_PENDING_DDNS in 39 seconds
Mar 17 14:41:45 server pluto[32128]: | next event EVENT_PENDING_DDNS in 39 seconds
Mar 17 14:41:46 server pluto[32128]: |

bits, I can massively reduce the log if necessary, but I don't know what
you want.

Regards,

Nick

On 17/03/2013 01:08, Paul Wouters wrote:
>
> On Sat, 16 Mar 2013, Nick Howitt wrote:
>
>> "ipsec auto --replace MumIn" gives:
>> Mar 16 11:40:29 server pluto[10870]: "MumIn": deleting connection
>> Mar 16 11:40:29 server pluto[10870]: added connection description
>> "MumIn"
>
> Ok, so it loads properly
>
>> Bringing the conn up is irrelevant as right=%any.
>
> right.
>
>
>> This is from earlier. I will try later (tomorrow?) with a lower case
>> conn. Will it help if I do something like set plutodebug=controlmore?
>
> Yes, do a plutodebug=all for me.
>
>> Is the SELinux bit relevant as the identical set of files work with
>> Openswan? Again I can try later by bringing the conn into /etc/ipsec.conf.
>
> If it worked with openswan and selinux, I don't expect it to be different
> from libreswan, but Tuomo did have this issue, so perhaps it is. You can
> always try: setenforce permissive and see if that makes it work. But if
> you start libreswan and ipsec auto --status shows the connection loaded,
> you don't have a problem.
>
> Paul


