<div dir="ltr"><div><div><div>Hello.<br></div>Thanks for the reply.<br><br></div>iptables is currently disabled.<br><br></div>AFAICT, strongswan (ipsec) IS running as root.<br><br><div class="gmail_extra">Earlier suspects in logs are:<br>
<br>loop detected while loading PUBKEY:RSA in plugin 'pem'<br>loop detected while loading PUBKEY:ECDSA in plugin 'pem'<br>feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA<br>feature CERT_DECODE:X509 in plugin 'x509' has unmet soft dependency: PUBKEY:DSA<br>
loop detected while loading CERT_DECODE:X509_CRL in plugin 'pem'<br>loop detected while loading CERT_DECODE:X509 in plugin 'pem'<br>feature CERT_DECODE:X509 in plugin 'openssl' has unmet soft dependency: PUBKEY:DSA<br>
feature CUSTOM:revocation in plugin 'revocation' has unmet soft dependency: FETCHER:(null)<br>loop detected while loading PRIVKEY:ANY in plugin 'pem'<br>loop detected while loading PRIVKEY:RSA in plugin 'pem'<br>
loop detected while loading PRIVKEY:ECDSA in plugin 'pem'<br>feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA<br>loop detected while loading PUBKEY:ANY in plugin 'pem'<br>feature CERT_DECODE:PGP in plugin 'pem' has unmet dependency: CERT_DECODE:PGP<br>
feature CERT_DECODE:ANY in plugin 'pem' has unmet soft dependency: CERT_DECODE:PGP<br>feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:X509_OCSP_REQUEST<br>feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pem' has unmet dependency: CERT_DECODE:TRUSTED_PUBKEY<br>
loop detected while loading CONTAINER_DECODE:PKCS12 in plugin 'pem'<br>feature CUSTOM:stroke in plugin 'stroke' has unmet soft dependency: PRIVKEY:DSA<br>feature CUSTOM:stroke in plugin 'stroke' has unmet soft dependency: CERT_DECODE:TRUSTED_PUBKEY<br>
unable to load 5 plugin features (5 due to unmet dependencies)<br>dropped capabilities, running as uid 0, gid 0<br>192.146.101.41 is not a local address or the interface is down<br>54.88.155.99 is not a local address or the interface is down<br>
left nor right host is our side, assuming left=local<br><br><br></div><div class="gmail_extra"></div><div class="gmail_extra">I figured these were all OK/warnings, including running as root ...<br></div><div class="gmail_extra">
<br></div><div class="gmail_extra">I am using IKEv1 & authby=secret , mostly from this doc:<br><a href="http://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/117258-config-l2l.html">http://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/117258-config-l2l.html</a><br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Fri, Aug 15, 2014 at 2:13 PM, Noel Kuntze <span dir="ltr"><<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
Hello,<br>
<br>
Did you ...<br>
Check your iptables rules?<br>
Check if strongSwan is running as non-root user?<br>
See any earlier errors in the logs?<br>
<br>
Regards,<br>
Noel Kuntze<br>
<br>
GPG Key id: 0x63EC6658<br>
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
Am 15.08.2014 um 20:01 schrieb Gary Webster:<br>
<div><div>> Hello.<br>
> Can anyone give me a clue what to try here?<br>
> Thanks.<br>
><br>
><br>
> Aug 15 17:44:36 13[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)<br>
> Aug 15 17:44:36 08[JOB] watcher got notification, rebuilding<br>
> Aug 15 17:44:36 08[JOB] watching 9 for reading<br>
> Aug 15 17:44:36 08[JOB] watching 15 for reading<br>
> Aug 15 17:44:36 08[JOB] watching 16 for reading<br>
> Aug 15 17:44:36 08[JOB] watcher going to select()<br>
> Aug 15 17:44:36 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]<br>
> Aug 15 17:44:36 10[NET] error writing to socket: Invalid argument<br>
> Aug 15 17:44:36 07[JOB] next event in 3s 999ms, waiting<br>
> Aug 15 17:44:36 13[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1]<br>
> Aug 15 17:44:36 08[JOB] watcher got notification, rebuilding<br>
> Aug 15 17:44:36 08[JOB] watching 9 for reading<br>
> Aug 15 17:44:36 08[JOB] watching 15 for reading<br>
> Aug 15 17:44:36 08[JOB] watching 16 for reading<br>
> Aug 15 17:44:36 08[JOB] watcher going to select()<br>
> Aug 15 17:44:40 07[JOB] got event, queuing job for execution<br>
> Aug 15 17:44:40 07[JOB] no events, waiting<br>
> Aug 15 17:44:40 15[MGR] checkout IKE_SA<br>
> Aug 15 17:44:40 15[MGR] IKE_SA ciscoios[1] successfully checked out<br>
> Aug 15 17:44:40 15[IKE] <ciscoios|1> sending retransmit 1 of request message ID 0, seq 1<br>
> Aug 15 17:44:40 15[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)<br>
> Aug 15 17:44:40 15[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1]<br>
> Aug 15 17:44:40 15[MGR] <ciscoios|1> check-in of IKE_SA successful.<br>
> Aug 15 17:44:40 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]<br>
> Aug 15 17:44:40 10[NET] error writing to socket: Invalid argument<br>
> Aug 15 17:44:40 07[JOB] next event in 7s 199ms, waiting<br>
> Aug 15 17:44:47 07[JOB] got event, queuing job for execution<br>
> Aug 15 17:44:47 07[JOB] no events, waiting<br>
> Aug 15 17:44:47 06[MGR] checkout IKE_SA<br>
> Aug 15 17:44:47 06[MGR] IKE_SA ciscoios[1] successfully checked out<br>
> Aug 15 17:44:47 06[IKE] <ciscoios|1> sending retransmit 2 of request message ID 0, seq 1<br>
> Aug 15 17:44:47 06[NET] <ciscoios|1> sending packet: from 54.88.155.99[500] to 192.146.101.41[500] (196 bytes)<br>
> Aug 15 17:44:47 06[MGR] <ciscoios|1> checkin IKE_SA ciscoios[1]<br>
> Aug 15 17:44:47 06[MGR] <ciscoios|1> check-in of IKE_SA successful.<br>
> Aug 15 17:44:47 10[NET] sending packet: from 54.88.155.99[500] to 192.146.101.41[500]<br>
> Aug 15 17:44:47 10[NET] error writing to socket: Invalid argument<br>
> Aug 15 17:44:47 07[JOB] next event in 12s 959ms, waiting<br>
><br>
><br>
><br>
</div></div>> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
> <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
iQIcBAEBCAAGBQJT7k3mAAoJEDg5KY9j7GZYgSIP/1XRMJAr9IONnkd6Pjn/45d2<br>
wR2ml8wj5UoJJn3a1gzjTABukNGAhoDmvvt1lUewbB4gJLGs5g38wBG4k1n8iOz8<br>
UlABTSVRDKu/61XZaGrvO84CjGBl+f/YQsZdMmqc49RAGRVdWvfv+HBLOuriMcWQ<br>
OtCVRIr0ORZRcYOTHhChwb8zN4q38Lu9wrPVss3E3yPq97QSCngNHHlzDsesOmxc<br>
w11MniJ9DRiDW25VS6Mp8NcNP82xKh7YPfNUSyLe+ZKZXMx8Hnn3RGgSCm+IQqNb<br>
HipJ5KcraG1+pwV8j+0ypX0x1KYYyz68kfLp307kRv5wjJnxfcQscsq1fwBmeLWb<br>
KNin/JX1KlL2ou+LUjtmZ26Z5efwDfG0k5yiiY4ylhqDMm4Ym4fUFdUGfRbLV2Yr<br>
t2WmH/ADi4IhlJMD1F4fl2SPazt9kre4nwR3RpF0sHWcibcsSzynwwKP6jjLYV30<br>
kMsTW/wEcB7MtAvGCRZv4aJ67XPmq3EV9QU/TZkKRnA+KxUxte0nAMlvpb9AUMgY<br>
jRCkJVRQ2t+AI1BcFXPgYl0uXUmHflwJ2yf5hw+jqo0KML0RYoHqIkToJe364TGI<br>
oyDpQM8eDu2iLO4mvCcgS7XNniKRqfixw+8J3LrJiqzErV6CYHiHvQo4UIZiLLWQ<br>
+7BV+vz19FlOffW95rrq<br>
=jZhN<br>
-----END PGP SIGNATURE-----<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Gary Webster<br>
Software Engineer<br>
Perceptive Software<br>
<br>
<a href="mailto:gary.webster@perceptivesoftware.com" target="_blank">gary.webster@perceptivesoftware.com</a><br>
<a href="http://www.perceptivesoftware.com/" target="_blank">www.perceptivesoftware.com</a><br>
<br>
<a value="+19136673198">+1 859 825 4149</a> direct<br><a value="+19134227525">+1 913 422 7525</a> corporate<br>
<br>
NOTICE: If received in error, please destroy the message and notify
sender. Sender does not waive confidentiality or privilege, and use is
prohibited.<br>
</div></div>