Hi All, I'm also back on the subnet-to-subnet ipsec setup. Even with all the info on the list and archives, I'm at a loss.
Both ends of connection are bering-uclibc v2.2.1 boxes w/ipsec. According to the bering userguide chapter 15, you don't need certificates if your using pre-shared keys. But, I'm getting the following errors, and I'm wondering if it's related some how. *** auth.log: Nov 1 13:46:41 r2 ipsec__plutorun: Starting Pluto subsystem... Nov 1 13:46:41 r2 pluto[21628]: Starting Pluto (Openswan Version 1.0.7) Nov 1 13:46:41 r2 pluto[21628]: including X.509 patch with traffic selectors (Version 0.9.42) Nov 1 13:46:41 r2 pluto[21628]: including NAT-Traversal patch (Version 0.6) [disabled] Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: Changing to directory '/etc/ipsec.d/cacerts' Nov 1 13:46:41 r2 pluto[21628]: Warning: empty directory Nov 1 13:46:41 r2 pluto[21628]: Changing to directory '/etc/ipsec.d/crls' Nov 1 13:46:41 r2 pluto[21628]: Warning: empty directory Nov 1 13:46:41 r2 pluto[21628]: FATAL ERROR: unable to malloc 0 bytes for cert *** end auth.log So what's up with the FATAL ERROR? It would seem without pluto, my ipsec configuration is unable to start? I can supply full details if required, but I'm hoping it's something much simpler then that. Thanks, Scott. --- Scott Young Network Integration Solutions Inc. 9415 Ottewell Road Edmonton, Alberta T6B2E1 Canada Phone: 780-461-3371 Fax: 780-465-7270 ------------------------------------------------------- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
