[leaf-user] IPSEC pluto errors
Hi All, I'm also back on the subnet-to-subnet ipsec setup. Even with all the info on the list and archives, I'm at a loss. Both ends of connection are bering-uclibc v2.2.1 boxes w/ipsec. According to the bering userguide chapter 15, you don't need certificates if your using pre-shared keys. But, I'm getting the following errors, and I'm wondering if it's related some how. *** auth.log: Nov 1 13:46:41 r2 ipsec__plutorun: Starting Pluto subsystem... Nov 1 13:46:41 r2 pluto[21628]: Starting Pluto (Openswan Version 1.0.7) Nov 1 13:46:41 r2 pluto[21628]: including X.509 patch with traffic selectors (Version 0.9.42) Nov 1 13:46:41 r2 pluto[21628]: including NAT-Traversal patch (Version 0.6) [disabled] Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0) Nov 1 13:46:41 r2 pluto[21628]: Changing to directory '/etc/ipsec.d/cacerts' Nov 1 13:46:41 r2 pluto[21628]: Warning: empty directory Nov 1 13:46:41 r2 pluto[21628]: Changing to directory '/etc/ipsec.d/crls' Nov 1 13:46:41 r2 pluto[21628]: Warning: empty directory Nov 1 13:46:41 r2 pluto[21628]: FATAL ERROR: unable to malloc 0 bytes for cert *** end auth.log So what's up with the FATAL ERROR? It would seem without pluto, my ipsec configuration is unable to start? I can supply full details if required, but I'm hoping it's something much simpler then that. Thanks, Scott. --- Scott Young Network Integration Solutions Inc. 9415 Ottewell Road Edmonton, Alberta T6B2E1 Canada Phone: 780-461-3371 Fax: 780-465-7270 --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPSEC pluto errors
Scott Scott A. Young wrote: Hi All, I'm also back on the subnet-to-subnet ipsec setup. Even with all the info on the list and archives, I'm at a loss. Both ends of connection are bering-uclibc v2.2.1 boxes w/ipsec. According to the bering userguide chapter 15, you don't need certificates if your using pre-shared keys. But, I'm getting the following errors, and I'm wondering if it's related some how. So what's up with the FATAL ERROR? It would seem without pluto, my ipsec configuration is unable to start? I can supply full details if required, but I'm hoping it's something much simpler then that. I had a look at the code, is it possible that you have an empty certificate file, possibly called cert? Else you can contact Andreas Steffen on the StrongSwan list. cheers Erich --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPSEC pluto errors
Scott A. Young wrote: Erich, thanks for the info. So then I *_do_* need to generate certificates even if I'm just using pre-shared keys? IFAIK _no_, just make sure you do not have an empty file where a cert would be searched for. The code I looked at would do that weird thing with a file of length zero. Erich --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] IPSEC pluto errors
Erich, thanks for the info. So then I *_do_* need to generate certificates even if I'm just using pre-shared keys? Scott. - Scott Young Network Integration Solutions Inc. Phone: 780-461-3371 Fax: 780-465-7270 email: [EMAIL PROTECTED] > -Original Message- > From: Erich Titl [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 23, 2004 6:04 AM > To: Scott A. Young > Cc: [EMAIL PROTECTED] > Subject: Re: [leaf-user] IPSEC pluto errors > > Scott > > Scott A. Young wrote: > > >Hi All, I'm also back on the subnet-to-subnet ipsec setup. > Even with > >all the info on the list and archives, I'm at a loss. > > > >Both ends of connection are bering-uclibc v2.2.1 boxes w/ipsec. > >According to the bering userguide chapter 15, you don't need > >certificates if your using pre-shared keys. But, I'm getting the > >following errors, and I'm wondering if it's related some how. > > > > > >So what's up with the FATAL ERROR? It would seem without > pluto, my ipsec > >configuration is unable to start? > > > >I can supply full details if required, but I'm hoping it's something > >much simpler then that. > > > > > I had a look at the code, is it possible that you have an > empty certificate file, possibly called cert? > Else you can contact Andreas Steffen on the StrongSwan list. > > cheers > Erich > > > --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
