ipsec: pluto crashed in FC11

Fri, 26 Jun 2009 23:43:26 -0700 

dear all,

i've been running ipsec-tunnels in FC10 from 2 different computers to my
ZyWall. after upgrading to FC11 these vpn-connections do not work
anymore (on both clients). it seems like pluto crashes ...

/var/log/messages:
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine" #1: multiple
transforms were set in aggressive mode. Only first one used.
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine" #1: transform
(5,1,2,0) ignored.
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine":
pluto_do_crypto: helper (-1) is  exiting 
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine" #1: multiple
transforms were set in aggressive mode. Only first one used.
Jun 27 08:38:25 krebslap ipsec__plutorun: 003 "cuisine" #1: transform
(5,1,2,0) ignored.
Jun 27 08:38:25 krebslap ipsec__plutorun: 112 "cuisine" #1:
STATE_AGGR_I1: initiate
Jun 27 08:38:26 krebslap ipsec__plutorun: /usr/libexec/ipsec/_plutorun:
line 232:  4665 Aborted                 /usr/libexec/ipsec/pluto
--nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d
--use-netkey --uniqueids --nat_traversal --virtual_private oe=off
--nhelpers 0
Jun 27 08:38:26 krebslap ipsec__plutorun: !pluto failure!:  exited with
error status 134 (signal 6)
Jun 27 08:38:26 krebslap ipsec__plutorun: restarting IPsec after
pause...

/var/log/secure:
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500:
OAKLEY_PRESHARED_KEY: Not Supported with NSS
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500: ASSERTION
FAILED
at /builddir/build/BUILD/openswan-2.6.21/programs/pluto/crypt_dh.c:446:
case 1 unexpected

and Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500:
virtual_private (%priv):
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500: - allowed
0 subnets: 
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500: -
disallowed 0 subnets: 
Jun 27 08:39:01 krebslap pluto[5693]: packet from A.B.C.D:500: WARNING:
Either virtual_private= was not specified, or there was a syntax 
Jun 27 08:39:01 krebslap pluto[5693]: packet from 86.59.114.162:500:
error in that line. 'left/rightsubnet=%priv' will not work!


/etc/ipsec.d/cuisine.conf
conn cuisine
        type=tunnel
        auto=start
        auth=esp
        authby=secret
        pfs=yes
        keyingtries=0
        left=192.168.0.3
        [email protected]
        leftsubnet=192.168.0.3/32
        right=A.B.C.D
        rightsubnet=10.0.0.0/24
        rightid=A.B.C.D
        keyexchange=ike
        ike=3des-md5
        aggrmode=yes
        keylife=8h
        ikelifetime=1h
        esp=3des-sha1

any suggestions??????

ciao
  H.

-- 
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Reply via email to