[Vpn-help] Shrew v. 2.1.4 Openswan 2.4.6.1
Matthew Grooms
mgrooms at shrew.net
Fri Nov 21 09:01:12 CST 2008
Stefan Bauer wrote:
> Matthew Grooms wrote:
>> Hmmm, not a lot to work with here. It looks like the only information
>> being logged is related to packet reception. I would venture to guess
>> that the log level is set too low to be of any use in identifying or
>> resolving the problem.
Stefan,
If I understand correctly, the SWAN products are really two separate
components: Klips, which is the kernel mode IPsec processing engine, and
Pluto, which is the user mode IKE daemon ( similar to iked ). The log
output you have attached appears to be the klips output, which would
explain why it only depicts packet traffic and key management events.
The "IKE packet - not handled here" messages confirm this, since the
kernel mode portion would pass a non ESP-IN-UDP packet up to the user
mode IKE daemon for processing, and this is completely normal.
> klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [1].
> klips_debug: IP: ihl:20 ver:4 tos:0 tlen:340 id:1303 frag_off:0
> ttl:54 proto:17 (UDP) chk:26227 saddr:85.181.184.81:500 daddr:10.8.0.1:500
> klips_debug:ipsec_rcv: IKE packet - not handled here
Please take a look at the Pluto log output which will contain the info
related to the IKE exchange failure. As I mentioned previously, I'm far
from an *SWAN expert or I would offer some more detailed advice. The
OpenSWAN wiki seems to be down at the moment but here is one copy of a
man page for pluto. I have no idea how current it is ...
http://linux.die.net/man/8/ipsec_pluto
Hope this helps,
-Matthew
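
The kernel-side decision described in the message above, as an added example that is not part of the original thread and is not KLIPS source code: a sketch of how a NAT-T receiver separates ESP-in-UDP from IKE, using the non-ESP marker of RFC 3948 and the non-IKE marker of the earlier NAT-T drafts. Reading the `[1]` in the quoted log as the draft style is an assumption, and every packet below is constructed (312 octets is the quoted tlen of 340 minus the IP and UDP headers).

```python
import struct

ESP_HDR_LEN = 8          # SPI (4 octets) + sequence number (4 octets)
NON_IKE, NON_ESP = 1, 2  # marker styles: early NAT-T draft vs RFC 3948


def classify_udp_payload(payload: bytes, encap: int) -> str:
    """Return 'keepalive', 'esp' (kernel decapsulates) or 'ike' (left for the IKE daemon)."""
    if payload == b"\xff":
        return "keepalive"  # NAT keepalive is a single 0xFF octet
    if encap == NON_ESP:
        # RFC 3948: ESP begins with a non-zero SPI; IKE carries 4 leading zero octets.
        if len(payload) > ESP_HDR_LEN and payload[:4] != bytes(4):
            return "esp"
        return "ike"
    if encap == NON_IKE:
        # Draft style: ESP carries 8 leading zero octets, a value that is never
        # a valid IKE initiator cookie; IKE itself arrives unmodified.
        if len(payload) > 8 + ESP_HDR_LEN and payload[:8] == bytes(8):
            return "esp"
        return "ike"
    raise ValueError(f"unknown encapsulation type {encap}")


def constructed_ike_message(total_len: int = 312) -> bytes:
    """Constructed ISAKMP message: 28-octet header plus zero filler (not a real capture)."""
    header = struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0, total_len)
    return header + bytes(total_len - len(header))


def constructed_esp_packet() -> bytes:
    """Constructed ESP packet: SPI 0x1000, sequence 1, 32 octets of filler."""
    return struct.pack("!II", 0x1000, 1) + b"\xaa" * 32


# Constructed samples: (label, UDP payload, encapsulation style)
SAMPLES = [
    ("IKE on udp/500, draft style", constructed_ike_message(), NON_IKE),
    ("ESP on udp/500, draft style", bytes(8) + constructed_esp_packet(), NON_IKE),
    ("IKE on udp/4500, RFC 3948", bytes(4) + constructed_ike_message(), NON_ESP),
    ("ESP on udp/4500, RFC 3948", constructed_esp_packet(), NON_ESP),
    ("NAT keepalive", b"\xff", NON_ESP),
]

if __name__ == "__main__":
    for label, payload, encap in SAMPLES:
        print(f"{label:30} -> {classify_udp_payload(payload, encap)}")
```

Anything classified as `ike` is left for the user mode daemon, so the reason an exchange fails shows up in that daemon's log and not in the kernel debug output.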