[Swan] I broke Libreswan with an SELINUX error
Paul Wouters
paul at nohats.ca
Sat Sep 21 16:59:59 EEST 2013
On Sat, 21 Sep 2013, Nick Howitt wrote:
> I have compiled 3.6rc1 without FIPSCHECK, whatever that is, and I am struggling with a conn.
>
> Because of bug 86 I use a conn like:
> conn MumIn
>     type=tunnel
>     authby=secret
>     dpdtimeout=120
>     dpddelay=30
>     auto=add
>     #left=%defaultroute
>     #leftnexthop=%defaultroute
>     #left=howitts.poweredbyclear.com
>     left=82.19.147.85
>     leftsourceip=172.17.2.1
>     leftsubnet=172.17.2.0/24
>     leftid=@Nick
>     right=damim.dtdns.net
>     rightsubnet=192.168.10.0/24
>     salifetime=24h
>     dpdaction=clear
>     ikelifetime=24h
>     ike=aes256-sha1;modp2048
>     phase2alg=aes256
>     rekey=no
Could you put an IP for right= instead of damim.dtdns.net and see if it
matters? Also change ipsec.secrets so the PSK is found?
Can you show me ipsec auto --status when the conn is loaded and giving:
> Sep 21 12:14:49 server pluto[20435]: packet from 82.30.103.217:500: initial Main Mode message received on 82.19.147.85:500 but no connection has been authorized with policy=PSK
> I've also thrown up another bug. In ipsec.conf I have the usual "include /etc/ipsec.d/ipsec.*.conf", but this loads
> ipsec.unmanaged.MumIn.conf and ipsec.unmanaged.MumIn.conf1 (I usually append 1 or something to a file name to temporarily remove it from
> the equation). It correctly does not load ipsec.unmanaged.MumIn.con1.
Odd. I'll try and reproduce.
Paul
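Two checks that narrow down both problems raised in this thread, written as an added diagnostic example (not code from the thread, from Paul, or from libreswan itself). The first builds a throwaway directory with the two constructed file names from the report and shows which of them a shell expansion of `ipsec.*.conf` actually selects, so a mismatch against what pluto loads points at libreswan's include handling rather than at the glob. The second pulls the peer address out of the quoted "no connection has been authorized" log line so it can be compared with whatever `right=` resolves to; the address 203.0.113.10 used in the usage call is a placeholder, not anything from the thread.

```shell
#!/bin/sh
# Added diagnostic example; not part of the original thread and not libreswan's code.
#  1. which files the include glob "ipsec.*.conf" really selects
#  2. which source IP the "no connection has been authorized" log line names,
#     so it can be compared with the address right= resolves to

# Create a throwaway ipsec.d holding the two constructed file names from the report.
make_fixture() {
    dir=$(mktemp -d)
    : > "$dir/ipsec.unmanaged.MumIn.conf"
    : > "$dir/ipsec.unmanaged.MumIn.conf1"
    echo "$dir"
}

# Print the basenames that a shell expansion of ipsec.*.conf selects inside $1.
glob_matches() {
    for f in "$1"/ipsec.*.conf; do
        [ -e "$f" ] && basename "$f"
    done
}

# Extract "a.b.c.d" from "packet from a.b.c.d:500: ..." in a pluto log line.
peer_ip_from_log() {
    printf '%s\n' "$1" | sed -n 's/.*packet from \([0-9.]*\):[0-9]*:.*/\1/p'
}

# Succeed when the logged peer equals the address given as $2 (what right= resolves to).
peer_matches_right() {
    logged=$(peer_ip_from_log "$1")
    [ "$logged" = "$2" ]
}

# Constructed sample: same shape as the line quoted in the thread.
SAMPLE_LOG='Sep 21 12:14:49 server pluto[20435]: packet from 82.30.103.217:500: initial Main Mode message received on 82.19.147.85:500 but no connection has been authorized with policy=PSK'

main() {
    d=$(make_fixture)
    echo "include ipsec.*.conf would select:"
    glob_matches "$d"          # only ipsec.unmanaged.MumIn.conf, never the .conf1 file
    rm -rf "$d"

    echo "peer named in the log: $(peer_ip_from_log "$SAMPLE_LOG")"
    # 203.0.113.10 is a placeholder for the address damim.dtdns.net resolves to.
    if peer_matches_right "$SAMPLE_LOG" "203.0.113.10"; then
        echo "right= matches the logged peer"
    else
        echo "right= does not match the logged peer: set right= to the logged IP or fix the DNS name"
    fi
}
main
```

If the glob check selects only the `.conf` file while pluto still loads the `.conf1` file, the include line is being expanded by libreswan's own parser, not by the shell, and that is where to look. If the logged peer differs from the address `right=` resolves to, pluto cannot match the incoming Main Mode packet to any PSK connection, which is exactly the log line above.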