<div dir="ltr">Hi All,<br><br>This is my /etc/ipsec.conf file.<br>[root@msd policy]#<b> cat /etc/ipsec.conf<br></b><br># Openswan IKE daemon configuration file<br>#<br># Generated during Platform Install<br>#<br># We will place user config files in /etc/ipsec.d/conf ending in .conf<br><br>version 2.0 # conforms to second version of ipsec.conf specification<br><br># basic configuration<br>config setup<br> # For Red Hat Enterprise Linux, leave protostack=netkey<br> protostack=netkey<br> # plutodebug=crypt control controlmore pfkey dpd<br> plutodebug=all<br> klipsdebug=all<br> nat_traversal=yes<br> virtual_private=<br> oe=off<br> # Enable this if you see failed to find any available worker<br> nhelpers=0<br> plutorestartoncrash=yes<br> # NSS DB Storage<br> plutoopts="--ipsecdir /usr/local/platform/.security/ipsec"<br> # Pluto core file if it cores...<br> dumpdir=/var/log/active/core<br> # For redirecting pluto logs, use plutostderrlog=directory of our choice<br><br>conn block<br><br> auto=ignore<br><br>conn private<br><br> auto=ignore<br><br>conn private-or-clear<br><br> auto=ignore<br><br>conn clear-or-private<br><br> auto=ignore<br><br>conn clear<br><br> auto=ignore<br><br>conn packetdefault<br><br> auto=ignore<br><br># Place all our user configurations (.conf) files below<br>#include /etc/ipsec.d/conf/*.conf<br>include /etc/ipsec.d/conf/1015323275.conf<br><br>and the corresponding conf file
<b>/etc/ipsec.d/conf/1015323275.conf file :-</b><br>[root@msd policy]# cat /etc/ipsec.d/conf/1015323275.conf<br>conn 1015323275_x509<br> left=10.76.214.247<br> leftcert=ipsec-db<br> leftrsasigkey=%cert<br> leftprotoport=tcp/0<br> leftid="C=IN, O=i, OU=ind, CN=msd, ST=TN, L=ipsec"<br> right=10.78.171.146<br> rightcert=<a href="http://ucbu-aricent-vm31.cisco.com">ucbu-aricent-vm31.cisco.com</a><br> rightrsasigkey=%cert<br> rightprotoport=tcp/0<br> rightid=""<br> type=transport<br> auth=esp<br> authby=rsasig<br> keyexchange=ike<br> keyingtries=%forever<br> rekey=yes<br> ike=aes256-sha2_256-modp1024<br> esp=aes256-sha2_256<br> ikelifetime=3600s<br> salifetime=3600s<br> pfs=no<br> auto=start<br><br><b>Core Backtrace :- </b><br><br>Loaded symbols for /usr/lib64/libfreeblpriv3.so<br>Reading symbols from /usr/lib64/libnssdbm3.so...(no debugging symbols found)...done.<br>Loaded symbols for /usr/lib64/libnssdbm3.so<br>Core was generated by `/usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /'.<br>Program terminated with signal 6, Aborted.<br>#0 0x00007fe93cde8495 in raise () from /lib64/libc.so.6<br><b>(gdb) bt</b><br>#0 0x00007fe93cde8495 in raise () from /lib64/libc.so.6<br>#1 0x00007fe93cde9c75 in abort () from /lib64/libc.so.6<br>#2 0x00007fe93eca58f1 in ?? ()<br><b>#3 0x00007fe93eca5944 in passert_fail ()</b><br>#4 0x00007fe93eca938f in ?? ()<br>#5 0x00007fe93ec9aa2b in ?? ()<br>#6 0x00007fe93ec9aacf in ?? ()<br>#7 0x00007fe93ec9ae9a in ?? ()<br>#8 0x00007fe93eca9bc8 in ?? ()<br>#9 0x00007fe93ecdde3a in ?? ()<br>#10 0x00007fe93ecacd5f in ?? 
()<br>#11 0x00007fe93ecaab7c in main ()<br>(gdb) <br><br><br>ipsec startup command outputs:- <br>[root@msd policy]#<b> ipsec auto --add 1015323275_x509</b><br>[root@msd policy]# <b>ipsec auto --up 1015323275_x509</b><br>117 "1015323275_x509" #5051: STATE_QUICK_I1: initiate<br>004 "1015323275_x509" #5051: STATE_QUICK_I2: sent QI2, <b>IPsec SA established transport mode {</b>ESP=>0x52b4320a <0x4d1320b1 xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=none DPD=none}<br>[root@msd policy]#<br><br>Pluto cores after the connection has been established for a few minutes or hours.<br><br>NOTE: Openswan is in FIPS mode.<br><br>Am I missing something here?<br><br>Thanks,<div>Madhan<br><br><br><br></div></div>