Openswan on Suse 9.3



blade74
26.05.05, 12:14
Hello, I have a Suse 9.3 machine here that is running Openswan.
Before that I had Suse 9.0 with freeswan.
Since I started using 9.3, I can no longer get a connection established.

The configuration is the same as before.

ipsec verify:


Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.2.0/K2.6.11.4-20a-default (native)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for native IPsec stack support [OK]

Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: linux [MISSING]
Does the machine have at least one non-private address? [FAILED]


Here is the error message when starting ipsec, from /var/log/messages:

May 26 13:06:35 linux ipsec_setup: KLIPS ipsec0 on eth1 192.168.100.3/255.255.255.0 broadcast 192.168.100.255 mtu 1500
May 26 13:06:35 linux ipsec__plutorun: Starting Pluto subsystem...
May 26 13:06:35 linux ipsec_setup: ...Openswan IPsec started
May 26 13:06:35 linux ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.11.4-20a-default...
May 26 13:06:36 linux pluto[19113]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
May 26 13:06:36 linux pluto[19113]: including NAT-Traversal patch (Version 0.6c)
May 26 13:06:36 linux pluto[19113]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
May 26 13:06:36 linux pluto[19113]: Using Linux 2.6 IPsec interface code
May 26 13:06:36 linux pluto[19113]: Changing to directory '/etc/ipsec.d/cacerts'
May 26 13:06:36 linux pluto[19113]: loaded CA cert file 'cacert.pem' (1480 bytes)
May 26 13:06:36 linux pluto[19113]: Could not change to directory '/etc/ipsec.d/aacerts'
May 26 13:06:36 linux pluto[19113]: Could not change to directory '/etc/ipsec.d/ocspcerts'
May 26 13:06:36 linux pluto[19113]: Changing to directory '/etc/ipsec.d/crls'
May 26 13:06:36 linux pluto[19113]: loaded crl file 'crl.pem' (780 bytes)
May 26 13:06:36 linux ipsec__plutorun: ipsec_auto: fatal error in "packetdefault": %defaultroute requested but not known
May 26 13:06:36 linux ipsec__plutorun: ipsec_auto: fatal error in "block": %defaultroute requested but not known
May 26 13:06:36 linux ipsec__plutorun: ipsec_auto: fatal error in "clear-or-private": %defaultroute requested but not known
May 26 13:06:36 linux ipsec__plutorun: ipsec_auto: fatal error in "clear": %defaultroute requested but not known
May 26 13:06:36 linux ipsec__plutorun: ipsec_auto: fatal error in "private-or-clear": %defaultroute requested but not known
May 26 13:06:36 linux ipsec__plutorun: ipsec_auto: fatal error in "athome": %defaultroute requested but not known
May 26 13:06:37 linux ipsec__plutorun: ipsec_auto: fatal error in "private": %defaultroute requested but not known
May 26 13:06:37 linux pluto[19113]: listening for IKE messages
May 26 13:06:37 linux pluto[19113]: adding interface eth1/eth1 192.168.100.3
May 26 13:06:37 linux pluto[19113]: adding interface eth1/eth1 192.168.100.3:4500
May 26 13:06:37 linux pluto[19113]: adding interface eth0/eth0 192.168.100.16
May 26 13:06:37 linux pluto[19113]: adding interface eth0/eth0 192.168.100.16:4500
May 26 13:06:37 linux pluto[19113]: adding interface lo/lo 127.0.0.1
May 26 13:06:37 linux pluto[19113]: adding interface lo/lo 127.0.0.1:4500
May 26 13:06:37 linux pluto[19113]: adding interface lo/lo ::1
May 26 13:06:37 linux pluto[19113]: loading secrets from "/etc/ipsec.secrets"
May 26 13:06:37 linux pluto[19113]: loaded private key file '/etc/ipsec.d/private/arsathome.hhv.de.key' (963 bytes)
May 26 13:06:37 linux ipsec__plutorun: 021 no connection named "packetdefault"
May 26 13:06:37 linux ipsec__plutorun: ...could not route conn "packetdefault"
May 26 13:06:37 linux ipsec__plutorun: 021 no connection named "block"
May 26 13:06:37 linux ipsec__plutorun: ...could not route conn "block"
May 26 13:06:37 linux ipsec__plutorun: 021 no connection named "clear-or-private"
May 26 13:06:37 linux ipsec__plutorun: ...could not route conn "clear-or-private"
May 26 13:06:37 linux ipsec__plutorun: 021 no connection named "clear"
May 26 13:06:37 linux ipsec__plutorun: ...could not route conn "clear"
May 26 13:06:37 linux ipsec__plutorun: 021 no connection named "private-or-clear"
May 26 13:06:37 linux ipsec__plutorun: ...could not route conn "private-or-clear"
May 26 13:06:37 linux ipsec__plutorun: 021 no connection named "arsathome"
May 26 13:06:37 linux ipsec__plutorun: ...could not route conn "athome"
May 26 13:06:37 linux ipsec__plutorun: 021 no connection named "private"
May 26 13:06:37 linux ipsec__plutorun: ...could not route conn "private"
May 26 13:06:37 linux ipsec__plutorun: 021 no connection named "athome"
May 26 13:06:37 linux ipsec__plutorun: ...could not start conn "athome"


And here is the ipsec.conf:

# basic configuration
### Converted to version 2.0 ipsec.conf by freeswan %post
version 2.0

config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        #interfaces=%defaultroute
        interfaces="ipsec0=eth1"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        ### Commented out by freeswan %post
        #plutoload=%search
        #plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes
        # Enable NAT-Traversal
        nat_traversal=yes
        overridemtu=1500


# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%dnsondemand
        rightrsasigkey=%dnsondemand

conn athome
        type=tunnel
        leftrsasigkey=%cert
        leftid="c=DE, st=NRW, l=Duelm, o=Test, ou=DV, cn=test.de"
        left=223.9.29.70
        leftsubnet=192.168.11.0/20
        rightrsasigkey=%cert
        rightcert=athome.de.pem
        right=%defaultroute
        rightid="c=DE, st=NRW, l=Duelm, o=Test, ou=DV, cn=athome.de"
        rightsubnet=192.168.10.0/24
        auto=start


Thanks