Thread: openswan startup and version interoperability




2006-07-24 06:06:44
On Sun, 2006-07-23 at 22:53 -0700, Brian Sheets wrote:
> What level of debug to get the info I need to troubleshoot?

None. Debug is for developers looking for bugs in the code. It fills
your logs with huge amounts of stuff that's not relevant. Slows
everything to a crawl as well. If your problems are bad enough the
developers may ask you to enable some debugging, but I've never seen
that happen.
Turning debug off does NOT stop normal logging of connection events.

> 
> Brian
> 
> -----Original Message-----
> From: Andy Gay [mailto:andyandynet.net] 
> Sent: Sunday, July 23, 2006 7:29 PM
> To: Brian Sheets
> Cc: usersopenswan.org
> Subject: Re: [Openswan Users] openswan startup and version interoperability
> 
> On Sun, 2006-07-23 at 18:09 -0700, Brian Sheets wrote:
> >  Debian linux, kernel vmlinuz-2.6.15-1-686, openswan version
> >  1:2.4.5+dfsg-0.2
> >  
> >  Trying to connect to openswan 2.2.0
> >  
> >  Config on both sides
> >  
> >  version 2.0     # conforms to second version of ipsec.conf specification
> >  
> >  config setup
> >          plutodebug=all
> 
> Bad idea. Comment this out please.
> 
> >          interfaces=%defaultroute
> >  
> >          virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.0.0.0/24
> >  
> >  conn net-to-net
> >      left=207.7.xx.xx
> >      leftsubnet=10.1.0.0/16
> >      leftid=l3-gateway1.xx.net       #
> >      leftrsasigkey=<the really long key>
> >      leftnexthop=%defaultroute      # correct in many situations
> >      right=198.172.xx.xx
> >      rightsubnet=10.200.0.0/16
> >      rightid=gateway1.xx.net
> >      rightrsasigkey=<the other really long key>
> >      rightnexthop=%defaultroute     # correct in many situations
> >      auto=add                       # authorizes but doesn't start this
> >                                     # connection at startup
> >  # Add connections here
> >  
> >  #Disable Opportunistic Encryption
> >  include /etc/ipsec.d/examples/no_oe.conf
> > 
> >  
> >  startup on the 2.6.15 kernel box gives me
> >  
> >  l3-gateway1:/etc/init.d# sh ./ipsec restart
> >  ipsec_setup: Stopping Openswan IPsec...
> >  ipsec_setup: Starting Openswan IPsec 2.4.5...
> >  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/net/key/af_key.ko
> >  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/net/ipv4/xfrm4_tunnel.ko
> >  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/net/xfrm/xfrm_user.ko
> >  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/drivers/char/hw_random.ko
> >  ipsec_setup: FATAL: Error inserting hw_random (/lib/modules/2.6.15-1-686/kernel/drivers/char/hw_random.ko): No such device
> >  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/drivers/crypto/padlock.ko
> >  ipsec_setup: FATAL: Error inserting padlock (/lib/modules/2.6.15-1-686/kernel/drivers/crypto/padlock.ko): No such device
> >  
> >  In addition, ipsec auto --up net-to-net hangs from the command line, but
> >  on the other, openswan 2.2 system, there is an attempt to make a
> >  connection in the logs
> >  
> >  So, my question, are the errors bad?
> No. Just means you don't have a hardware RNG or the padlock device.
> 
> >  What could be causing it to hang?
> No idea. You'll need to post logs. PLEASE turn off plutodebug=all first!
> 
> >  
> >  Thanks
> >  
> >  Brian
> > 
> > _______________________________________________
> > Usersopenswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
