Bug 445207 - openswan does not connect to vpn server
openswan does not connect to vpn server
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: openswan (Show other bugs)
9
All Linux
low Severity medium
: ---
: ---
Assigned To: Steve Grubb
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-05 10:27 EDT by Culapov Andrei
Modified: 2008-07-24 05:01 EDT (History)
1 user (show)

See Also:
Fixed In Version: 2.6.14-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-25 12:58:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
log with plutodebug=all (93.09 KB, application/octet-stream)
2008-05-20 08:35 EDT, Culapov Andrei
no flags Details

  None (edit)
Description Culapov Andrei 2008-05-05 10:27:43 EDT
Description of problem:
i'm not able to connect to my vpn server. My configuration files are:

office.conf

conn office
 left=192.168.2.10
 right=vpn.company.com
 rightsubnet=10.1.1.0/24
 keyexchange=ike
 authby=secret
 #specify encryption FortiGate VPN uses
 esp=3des
 compress=yes

office.secret 
xxx.xxx.xxx.xxx 192.168.2.10: PSK "password"

Version-Release number of selected component (if applicable):
openswan-2.6.09-2.fc9.i386

How reproducible:


Steps to Reproduce:
1.start the ipsec service
2.add the connection
3.try to bring up the connection
  
Actual results:
[andrei@host ~]$ sudo service ipsec start
ipsec_setup: Starting Openswan IPsec U2.6.09/K2.6.25-14.fc9.i686...
ipsec_setup: Trying hardware random, this may fail, which is okay.
ipsec_setup: Trying to load all NETKEY modules:xfrm6_tunnel xfrm6_mode_tunnel
xfrm6_mode_beet xfrm6_mode_ro xfrm6_mode_transport xfrm4_mode_transport
xfrm4_mode_tunnel xfrm4_tunnel xfrm4_mode_beet esp4 esp6 ah4 ah6 ipcomp ipcomp6
af_key
ipsec_setup: Trying VIA padlock driver, this may fail, which is okay.
ipsec_setup: Trying to load Crypto API modules, some may fail, which is okay.
ipsec_setup: aes-x86_64 aes des sha512 sha256 md5 cbc xcbc ecb twofish blowfish
serpent
[andrei@host ~]$ sudo /usr/sbin/ipsec auto --add office
[andrei@host ~]$ sudo /usr/sbin/ipsec auto --up office
104 "office" #1: STATE_MAIN_I1: initiate
003 "office" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
msgid=00000000
003 "office" #1: received and ignored informational message
010 "office" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
003 "office" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
msgid=00000000
003 "office" #1: received and ignored informational message
010 "office" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
003 "office" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
msgid=00000000
003 "office" #1: received and ignored informational message
031 "office" #1: max number of retransmissions (2) reached STATE_MAIN_I1.  No
response (or no acceptable response) to our first IKE message
000 "office" #1: starting keying attempt 2 of at most 3, but releasing whack

Expected results:
have a vpn connection working

Additional info:
if I uninstall the openswan-2.6.09-2.fc9.i386 and install
openswan-2.4.9-2.fc8.i386.rpm the vpn connection works
Comment 1 Bug Zapper 2008-05-14 06:39:58 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 2 Paul Wouters 2008-05-19 16:55:02 EDT
please post your log with plutodebug=all enabled, possible with logs from the
other side as well
Comment 3 Culapov Andrei 2008-05-20 08:35:11 EDT
Created attachment 306113 [details]
log with  plutodebug=all
Comment 4 Paul Wouters 2008-05-26 00:06:55 EDT
there was a broken patch in the fedora/rhel rpm. I know a new rpm made its way,
so please try and see if the upgrade fixes your problem. Not sure about the
final versions going out
Comment 5 Steve Grubb 2008-06-23 17:02:40 EDT
openswan-2.6.14-1 was pushed out for Fedora. Please check if this solves your
problem. Thanks.
Comment 6 Culapov Andrei 2008-06-25 04:17:48 EDT
thank you. now it's working.
Comment 7 Fedora Update System 2008-07-24 05:01:37 EDT
libspe2-2.2.80.95-5.fc9 has been submitted as an update for Fedora 9

Note You need to log in before you can comment on or make changes to this bug.