Hello. Thanks for the reply. iptables is currently disabled.
AFAICT, strongswan (ipsec) IS running as root. Earlier suspects in logs are: loop detected while loading PUBKEY:RSA in plugin 'pem' loop detected while loading PUBKEY:ECDSA in plugin 'pem' feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA feature CERT_DECODE:X509 in plugin 'x509' has unmet soft dependency: PUBKEY:DSA loop detected while loading CERT_DECODE:X509_CRL in plugin 'pem' loop detected while loading CERT_DECODE:X509 in plugin 'pem' feature CERT_DECODE:X509 in plugin 'openssl' has unmet soft dependency: PUBKEY:DSA feature CUSTOM:revocation in plugin 'revocation' has unmet soft dependency: FETCHER:(null) loop detected while loading PRIVKEY:ANY in plugin 'pem' loop detected while loading PRIVKEY:RSA in plugin 'pem' loop detected while loading PRIVKEY:ECDSA in plugin 'pem' feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA loop detected while loading PUBKEY:ANY in plugin 'pem' feature CERT_DECODE:PGP in plugin 'pem' has unmet dependency: CERT_DECODE:PGP feature CERT_DECODE:ANY in plugin 'pem' has unmet soft dependency: CERT_DECODE:PGP feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:X509_OCSP_REQUEST feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pem' has unmet dependency: CERT_DECODE:TRUSTED_PUBKEY loop detected while loading CONTAINER_DECODE:PKCS12 in plugin 'pem' feature CUSTOM:stroke in plugin 'stroke' has unmet soft dependency: PRIVKEY:DSA feature CUSTOM:stroke in plugin 'stroke' has unmet soft dependency: CERT_DECODE:TRUSTED_PUBKEY unable to load 5 plugin features (5 due to unmet dependencies) dropped capabilities, running as uid 0, gid 0 192.146.101.41 is not a local address or the interface is down 54.88.155.99 is not a local address or the interface is down left nor right host is our side, assuming left=local I figured these were all OK/warnings, including running as root ... I am using IKEv1 & authby=secret , mostly from this doc: http://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/117258-config-l2l.html On Fri, Aug 15, 2014 at 2:13 PM, Noel Kuntze <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hello, > > Did you ... > Check your iptables rules? > Check if strongSwan is running as non-root user? > See any earlier errors in the logs? > > Regards, > Noel Kuntze > > GPG Key id: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > Am 15.08.2014 um 20:01 schrieb Gary Webster: > > Hello. > > Can anyone give me a clue what to try here? > > Thanks. > > > > > > Aug 15 17:44:36 13[NET] <ciscoios|1> sending packet: from > 54.88.155.99[500] to 192.146.101.41[500] (196 bytes) > > Aug 15 17:44:36 08[JOB] watcher got notification, rebuilding > > Aug 15 17:44:36 08[JOB] watching 9 for reading > > Aug 15 17:44:36 08[JOB] watching 15 for reading > > Aug 15 17:44:36 08[JOB] watching 16 for reading > > Aug 15 17:44:36 08[JOB] watcher going to select() > > Aug 15 17:44:36 10[NET] sending packet: from 54.88.155.99[500] to > 192.146.101.41[500] > > Aug 15 17:44:36 10[NET] error writing to socket: Invalid argument > > Aug 15 17:44:36 07[JOB] next event in 3s 999ms, waiting > > Aug 15 17:44:36 13[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1] > > Aug 15 17:44:36 08[JOB] watcher got notification, rebuilding > > Aug 15 17:44:36 08[JOB] watching 9 for reading > > Aug 15 17:44:36 08[JOB] watching 15 for reading > > Aug 15 17:44:36 08[JOB] watching 16 for reading > > Aug 15 17:44:36 08[JOB] watcher going to select() > > Aug 15 17:44:40 07[JOB] got event, queuing job for execution > > Aug 15 17:44:40 07[JOB] no events, waiting > > Aug 15 17:44:40 15[MGR] checkout IKE_SA > > Aug 15 17:44:40 15[MGR] IKE_SA ciscoios[1] successfully checked out > > Aug 15 17:44:40 15[IKE] <ciscoios|1> sending retransmit 1 of request > message ID 0, seq 1 > > Aug 15 17:44:40 15[NET] <ciscoios|1> sending packet: from > 54.88.155.99[500] to 192.146.101.41[500] (196 bytes) > > Aug 15 17:44:40 15[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1] > > Aug 15 17:44:40 15[MGR] <ciscoios|1> check-in of IKE_SA successful. > > Aug 15 17:44:40 10[NET] sending packet: from 54.88.155.99[500] to > 192.146.101.41[500] > > Aug 15 17:44:40 10[NET] error writing to socket: Invalid argument > > Aug 15 17:44:40 07[JOB] next event in 7s 199ms, waiting > > Aug 15 17:44:47 07[JOB] got event, queuing job for execution > > Aug 15 17:44:47 07[JOB] no events, waiting > > Aug 15 17:44:47 06[MGR] checkout IKE_SA > > Aug 15 17:44:47 06[MGR] IKE_SA ciscoios[1] successfully checked out > > Aug 15 17:44:47 06[IKE] <ciscoios|1> sending retransmit 2 of request > message ID 0, seq 1 > > Aug 15 17:44:47 06[NET] <ciscoios|1> sending packet: from > 54.88.155.99[500] to 192.146.101.41[500] (196 bytes) > > Aug 15 17:44:47 06[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1] > > Aug 15 17:44:47 06[MGR] <ciscoios|1> check-in of IKE_SA successful. > > Aug 15 17:44:47 10[NET] sending packet: from 54.88.155.99[500] to > 192.146.101.41[500] > > Aug 15 17:44:47 10[NET] error writing to socket: Invalid argument > > Aug 15 17:44:47 07[JOB] next event in 12s 959ms, waiting > > > > > > > > _______________________________________________ > > Users mailing list > > [email protected] > > https://lists.strongswan.org/mailman/listinfo/users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJT7k3mAAoJEDg5KY9j7GZYgSIP/1XRMJAr9IONnkd6Pjn/45d2 > wR2ml8wj5UoJJn3a1gzjTABukNGAhoDmvvt1lUewbB4gJLGs5g38wBG4k1n8iOz8 > UlABTSVRDKu/61XZaGrvO84CjGBl+f/YQsZdMmqc49RAGRVdWvfv+HBLOuriMcWQ > OtCVRIr0ORZRcYOTHhChwb8zN4q38Lu9wrPVss3E3yPq97QSCngNHHlzDsesOmxc > w11MniJ9DRiDW25VS6Mp8NcNP82xKh7YPfNUSyLe+ZKZXMx8Hnn3RGgSCm+IQqNb > HipJ5KcraG1+pwV8j+0ypX0x1KYYyz68kfLp307kRv5wjJnxfcQscsq1fwBmeLWb > KNin/JX1KlL2ou+LUjtmZ26Z5efwDfG0k5yiiY4ylhqDMm4Ym4fUFdUGfRbLV2Yr > t2WmH/ADi4IhlJMD1F4fl2SPazt9kre4nwR3RpF0sHWcibcsSzynwwKP6jjLYV30 > kMsTW/wEcB7MtAvGCRZv4aJ67XPmq3EV9QU/TZkKRnA+KxUxte0nAMlvpb9AUMgY > jRCkJVRQ2t+AI1BcFXPgYl0uXUmHflwJ2yf5hw+jqo0KML0RYoHqIkToJe364TGI > oyDpQM8eDu2iLO4mvCcgS7XNniKRqfixw+8J3LrJiqzErV6CYHiHvQo4UIZiLLWQ > +7BV+vz19FlOffW95rrq > =jZhN > -----END PGP SIGNATURE----- > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > -- Gary Webster Software Engineer Perceptive Software [email protected] www.perceptivesoftware.com +1 859 825 4149 direct +1 913 422 7525 corporate NOTICE: If received in error, please destroy the message and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited.
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
