ipsec: pluto crashed in FC11
Heinz A. Krebs
heinz at chemit.at
Sat Jun 27 06:42:50 UTC 2009
dear all,
i've been running ipsec-tunnels in FC10 from 2 different computers to my
ZyWall. after upgrading to FC11 these vpn-connections do not work
anymore (on both clients). it seems like pluto crashes ...
/var/log/messages:
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine" #1: multiple
transforms were set in aggressive mode. Only first one used.
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine" #1: transform
(5,1,2,0) ignored.
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine":
pluto_do_crypto: helper (-1) is exiting
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine" #1: multiple
transforms were set in aggressive mode. Only first one used.
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine" #1: transform
(5,1,2,0) ignored.
Jun 27 08:38:25 krebslap ipsec__plutorun: 112 "cuisine" #1:
STATE_AGGR_I1: initiate
Jun 27 08:38:26 krebslap ipsec__plutorun: /usr/libexec/ipsec/_plutorun:
line 232: 4665 Aborted /usr/libexec/ipsec/pluto
--nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d
--use-netkey --uniqueids --nat_traversal --virtual_private oe=off
--nhelpers 0
Jun 27 08:38:26 krebslap ipsec__plutorun: !pluto failure!: exited with
error status 134 (signal 6)
Jun 27 08:38:26 krebslap ipsec__plutorun: restarting IPsec after
pause...
/var/log/secure:
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500:
OAKLEY_PRESHARED_KEY: Not Supported with NSS
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500: ASSERTION
FAILED
at /builddir/build/BUILD/openswan-2.6.21/programs/pluto/crypt_dh.c:446:
case 1 unexpected
and Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500:
virtual_private (%priv):
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500: - allowed
0 subnets:
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500: -
disallowed 0 subnets:
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500: WARNING:
Either virtual_private= was not specified, or there was a syntax
Jun 27 08:39:01 krebslap pluto[5693]: packet from 86.59.114.162:500:
error in that line. 'left/rightsubnet=%priv' will not work!
/etc/ipsec.d/cuisine.conf
conn cuisine
type=tunnel
auto=start
auth=esp
authby=secret
pfs=yes
keyingtries=0
left=192.168.0.3
leftid=backup at cuisine.at
leftsubnet=192.168.0.3/32
right=A.B.C.D
rightsubnet=10.0.0.0/24
rightid=A.B.C.D
keyexchange=ike
ike=3des-md5
aggrmode=yes
keylife=8h
ikelifetime=1h
esp=3des-sha1
any suggestions??????
ciao
H.
More information about the fedora-list
mailing list