0

I just installed openswan on Ubuntu14. I'm trying to connect to my work's VPN (I have access to the Firewall/VPN btw). When I do a

/usr/sbin/ipsec verify

I get the following:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.38/K4.4.0-53-generic (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
  NETKEY:  Testing XFRM related proc values                     [OK]
[OK]
 [OK]
Hardware RNG detected, testing if used properly                 [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                              [FAILED]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                                 [WARNING]
Checking for 'iptables' command                                 [OK]

Opportunistic Encryption Support 
                       [DISABLED]

When I do a

/etc/init.d# /etc/init.d/ipsec status

I get the following

IPsec running  - pluto pid: 7702
pluto pid 7702
No tunnels up

However, I'm not connected to my VPN

Here is my ipsec.conf

config setup

    dumpdir=/var/run/pluto/
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    #        nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # It seems that T-Mobile in the US and Rogers/Fido in Canada are
    # using 25/8 as "private" address space on their 3G network.
    # This range has not been announced via BGP (at least upto 2010-12-21)
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    #protostack=netkey
    # Use this to log to a file, or disable logging on embedded systems (like openwrt)
    plutostderrlog=/var/log/pluto
    plutodebug="all"
    protostack=netkey

Here is ipsec.secrets

@admin : XAUTH  "xxxxxxxx"
%any   example.net   : PSK "xxxxxxxx"ny 

I also get the following errors in the pluto.log

ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type   already exists
ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
| ESP registered with kernel.

Any help will be greatly appreciated.

1 Answer 1

0

I resolved this by removing from

esp=aes256-sha256,modp1536

and adding

ike=aes256-sha1,aes128-sha1,3des-sha1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .