OpenSwan Log files??? / Networking, Server, and Protection / Arch Linux Forums

You are not logged in.

Topics: Active | Unanswered

Pages: 1

#1 2008-12-12 08:19:02

hungsonbk: Member; Registered: 2007-05-26; Posts: 105; Website

OpenSwan Log files???

Hi Archers,

I have just installed openswan and openswan-klips, I try to run it and want to see the log files but I didn't know where are the log files.:|:|:|:|:|

The default Ipsec stack is Netkey and I want to use ipsec Klips stack but the klips stack I downloaded from pacman is for kernel 2.6.23 but I am using kernel 2.6.27. Is there any Mirror that I can download Klips for 2.6.27?

This is the information from everything.log file:

padlock: VIA PadLock Hash Engine not detected.
Dec 12 17:28:38 Monitor1 padlock: VIA PadLock Hash Engine not detected.

So what is VIA padlock Hash Engine and how can I load the crypto module?

Thanks

Last edited by hungsonbk (2008-12-12 08:52:18)

Offline

#2 2008-12-12 10:41:08

tomk: Forum Fellow; From: Ireland; Registered: 2004-07-21; Posts: 9,839

Re: OpenSwan Log files???

openwan logs to /var/log/auth.log. klips does not function with kernel 2.6.27, so you will have to use netkey for now. klips will be back in future versions.

VIA Padlock is a dedicated hardware crypto processor available on some VIA motherboards. Openswan attempts to load it, and if it doesn't find it, logs that message - nothing to worry about. If you check lsmod, you will see that the required crypto modules have been loaded.

Offline

#3 2008-12-12 11:05:56

hungsonbk: Member; Registered: 2007-05-26; Posts: 105; Website

Re: OpenSwan Log files???

Thank Tomk,

I checked the information in /var/log/auth.log but it does not help. Here is the information of the auth.log file:

Dec 12 18:41:54 Monitor1 pluto[2585]: Starting Pluto (Openswan Version 2.4.11 PLUTO_SENDS_VENDORID PLUTO_
USES_KEYRR; Vendor ID OE{dD^fJcUvk)
Dec 12 18:41:54 Monitor1 pluto[2585]: Setting NAT-Traversal port-4500 floating to off
Dec 12 18:41:54 Monitor1 pluto[2585]: port floating activation criteria nat_t=0/port_fload=1
Dec 12 18:41:54 Monitor1 pluto[2585]: including NAT-Traversal patch (Version 0.6c) [disabled]
Dec 12 18:41:54 Monitor1 pluto[2585]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Dec 12 18:41:54 Monitor1 pluto[2585]: starting up 1 cryptographic helpers
Dec 12 18:41:54 Monitor1 pluto[2585]: started helper pid=2603 (fd:6)
Dec 12 18:41:54 Monitor1 pluto[2585]: Using NETKEY IPsec interface code on 2.6.27-ARCH
Dec 12 18:41:55 Monitor1 pluto[2585]: Changing to directory '/etc/ipsec.d/cacerts'
Dec 12 18:41:55 Monitor1 pluto[2585]: Changing to directory '/etc/ipsec.d/aacerts'
Dec 12 18:41:55 Monitor1 pluto[2585]: Changing to directory '/etc/ipsec.d/ocspcerts'
Dec 12 18:41:55 Monitor1 pluto[2585]: Changing to directory '/etc/ipsec.d/crls'
Dec 12 18:41:55 Monitor1 pluto[2585]: Warning: empty directory
Dec 12 18:41:55 Monitor1 pluto[2585]: added connection description "tunnelipsec"
Dec 12 18:41:55 Monitor1 pluto[2585]: listening for IKE messages
Dec 12 18:41:55 Monitor1 pluto[2585]: adding interface eth1/eth1 x.x.x.x:500
Dec 12 18:41:55 Monitor1 pluto[2585]: adding interface eth0/eth0 y.y.y.y:500
Dec 12 18:41:55 Monitor1 pluto[2585]: adding interface lo/lo 127.0.0.1:500
Dec 12 18:41:55 Monitor1 pluto[2585]: loading secrets from "/etc/ipsec.secrets"
Dec 12 18:51:43 Monitor1 pluto[2585]: shutting down
Dec 12 18:51:43 Monitor1 pluto[2585]: forgetting secrets
Dec 12 18:51:43 Monitor1 pluto[2585]: "tunnelipsec": deleting connection
Dec 12 18:51:43 Monitor1 pluto[2585]: shutting down interface lo/lo 127.0.0.1:500
Dec 12 18:51:43 Monitor1 pluto[2585]: shutting down interface eth0/eth0 y.y.y.y:500
Dec 12 18:51:43 Monitor1 pluto[2585]: shutting down interface eth1/eth1 x.x.x.x:500

I am using Netkey instead of Klips, but I can't see the ipsec0 interface by the ifconfig command. So from where can I get more information from openswan. With this information, I can't find the problem of the ipsec connaction.

Thanks

Last edited by hungsonbk (2008-12-12 11:06:42)

Offline

#4 2008-12-12 20:44:55

tomk: Forum Fellow; From: Ireland; Registered: 2004-07-21; Posts: 9,839

Re: OpenSwan Log files???

ipsecX nterfaces are only created by klips - netkey uses the existing interfaces.

Can you access the logs at the other side of the tunnel? There's very little to work with in your post.

You can also ask on the openswan users mailing list: http://lists.openswan.org/mailman/listinfo/users

Offline

Pages: 1

Board footer

Atom topic feed