This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec Kernel Modules not loaded

Hello,

we are using Astaro 6.303 (on ASG 110) and 6.302 (on ASG 220) and on both systems if we want to activate the IPSec connections, it looks like it is normally active (Status in Webadmin looks like enabled-green), but the connections cannot be activated.

If we click on "VPN Status", there comes the empty page with the obvious black header (for refresh interval) only, nothing more. If we click on "VPN routes", then the message is displayed

:: IPSec Kernel Modules not loaded ::

It does not help to make the warm restart of the ASG, as well as the could restart, the daemon is not started more.

Last action what we did with the IPSec management was we have deleted some old test connections, defined as the experimens before months, intended to L2TP over IPSec for road warriors. Second thing what we made we changed the certificates

In the ipsec.log from today is written only (2 lines, but we restarted the ASG more times, so it looks like nothing writes into the log more):

2007:02:23-09:54:25 (none) ipsec_starter[3981]: child 3985 (Pluto) has been killed by sig 9
2007:02:23-09:54:25 (none) ipsec_starter[3981]: shutting down interface ipsec0/eth0

- before, all logs are empty (0 length) for the last more tham 20 days. The last non-empty log looked - for me - normally (see below). Does anybody know what could be the problem?
I've seen there was already such a problem listed here some longer time in the past, but without answers... :-(

Every help will be appreciated.

   Thank You, Archie.

P.S. Wie did not use the VPN till now, want to activate and use it.

P.P.S. last "good looking" non-empty log about was:
..... (additional lines which do not fit to the length of the post on the formum) ...
2007:01:02-08:07:27 (none) pluto[3984]: Could not change to directory '/etc/ipsec.d/ocspcerts'
2007:01:02-08:07:27 (none) pluto[3984]: Changing to directory '/etc/ipsec.d/crls'
2007:01:02-08:07:27 (none) pluto[3984]:   Warning: empty directory
2007:01:02-08:07:27 (none) pluto[3984]: listening for IKE messages
2007:01:02-08:07:27 (none) pluto[3984]: adding interface ipsec0/eth0 192.168.89.254:500
2007:01:02-08:07:27 (none) pluto[3984]: adding interface ipsec0/eth0 192.168.89.254:4500
2007:01:02-08:07:27 (none) pluto[3984]: loading secrets from "/etc/ipsec.secrets"
2007:01:02-08:07:27 (none) pluto[3984]:   loaded private key file '/etc/ipsec.d/private/BC_Host_Prastaro_Firewall_Certificate_1.pem' (1743 bytes)
2007:01:02-08:07:27 (none) pluto[3984]:   loaded private key file '/etc/ipsec.d/private/BC_Host_Prastaro_Firewall_Certificate_1.pem' (1743 bytes)
2007:01:02-08:07:27 (none) pluto[3984]:   loaded host cert file '/etc/x509cert.der' (1339 bytes)
2007:01:02-08:07:27 (none) pluto[3984]: added connection description "S_Test_Connection_0"
2007:01:02-08:07:27 (none) pluto[3984]:   loaded host cert file '/etc/x509cert.der' (1339 bytes)
2007:01:02-08:07:27 (none) pluto[3984]: added connection description "S_Test_Connection_1"
2007:01:02-08:36:12 (none) ipsec_starter[3825]: Starting Openswan IPsec 2.4.3 [starter]...
2007:01:02-08:36:12 (none) ipsec_starter[3855]: IP address of physical interface changed -> reinit of ipsec interface
2007:01:02-08:36:12 (none) ipsec_starter[3855]: attaching interface ipsec0 to eth0
2007:01:02-08:36:12 (none) ipsec_starter[3855]: Attempting to start pluto...
2007:01:02-08:36:13 (none) ipsec_starter[3855]: pluto (3864) started
2007:01:02-08:36:13 (none) pluto[3864]: Starting Pluto (Openswan Version 2.4.3 X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE[puA}YYX~F)
2007:01:02-08:36:13 (none) pluto[3864]: Setting NAT-Traversal port-4500 floating to on
2007:01:02-08:36:13 (none) pluto[3864]:    port floating activation criteria nat_t=1/port_fload=1
2007:01:02-08:36:13 (none) pluto[3864]:   including NAT-Traversal patch (Version 0.6c)
2007:01:02-08:36:13 (none) pluto[3864]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
2007:01:02-08:36:13 (none) pluto[3864]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
2007:01:02-08:36:13 (none) pluto[3864]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
2007:01:02-08:36:13 (none) pluto[3864]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
2007:01:02-08:36:13 (none) pluto[3864]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
2007:01:02-08:36:13 (none) pluto[3864]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
2007:01:02-08:36:13 (none) pluto[3864]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
2007:01:02-08:36:13 (none) pluto[3864]: no helpers will be started, all cryptographic operations will be done inline
2007:01:02-08:36:13 (none) pluto[3864]: Using KLIPS IPsec interface code on 2.6.10-58-default
2007:01:02-08:36:13 (none) pluto[3864]: Changing to directory '/etc/ipsec.d/cacerts'
2007:01:02-08:36:13 (none) pluto[3864]:   loaded CA cert file 'Baader_Computer_Certification_Authority.pem' (1529 bytes)
2007:01:02-08:36:13 (none) pluto[3864]: Could not change to directory '/etc/ipsec.d/aacerts'
2007:01:02-08:36:13 (none) pluto[3864]: Could not change to directory '/etc/ipsec.d/ocspcerts'
2007:01:02-08:36:13 (none) pluto[3864]: Changing to directory '/etc/ipsec.d/crls'
2007:01:02-08:36:13 (none) pluto[3864]:   Warning: empty directory
2007:01:02-08:36:13 (none) pluto[3864]: listening for IKE messages
2007:01:02-08:36:13 (none) pluto[3864]: adding interface ipsec0/eth0 192.168.89.254:500
2007:01:02-08:36:13 (none) pluto[3864]: adding interface ipsec0/eth0 192.168.89.254:4500
2007:01:02-08:36:13 (none) pluto[3864]: loading secrets from "/etc/ipsec.secrets"
2007:01:02-08:36:13 (none) pluto[3864]:   loaded private key file '/etc/ipsec.d/private/BC_Host_Prastaro_Firewall_Certificate_1.pem' (1743 bytes)
2007:01:02-08:36:13 (none) pluto[3864]:   loaded private key file '/etc/ipsec.d/private/BC_Host_Prastaro_Firewall_Certificate_1.pem' (1743 bytes)
2007:01:02-08:36:13 (none) pluto[3864]:   loaded host cert file '/etc/x509cert.der' (1339 bytes)
2007:01:02-08:36:13 (none) pluto[3864]: added connection description "S_Test_Connection_0"
2007:01:02-08:36:13 (none) pluto[3864]:   loaded host cert file '/etc/x509cert.der' (1339 bytes)
2007:01:02-08:36:13 (none) pluto[3864]: added connection description "S_Test_Connection_1"
2007:01:02-12:12:18 (none) ipsec_starter[3847]: pluto is already running (/var/run/pluto/pluto.pid exists) -- aborting
2007:01:02-12:12:32 (none) ipsec_starter[3969]: Starting Openswan IPsec 2.4.3 [starter]...
2007:01:02-12:12:32 (none) ipsec_starter[3981]: IP address of physical interface changed -> reinit of ipsec interface
2007:01:02-12:12:32 (none) ipsec_starter[3981]: attaching interface ipsec0 to eth0
2007:01:02-12:12:32 (none) ipsec_starter[3981]: Attempting to start pluto...
2007:01:02-12:12:33 (none) ipsec_starter[3981]: pluto (3985) started
2007:01:02-12:12:33 (none) pluto[3985]: Starting Pluto (Openswan Version 2.4.3 X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE[puA}YYX~F)
2007:01:02-12:12:33 (none) pluto[3985]: Setting NAT-Traversal port-4500 floating to on
2007:01:02-12:12:33 (none) pluto[3985]:    port floating activation criteria nat_t=1/port_fload=1
2007:01:02-12:12:33 (none) pluto[3985]:   including NAT-Traversal patch (Version 0.6c)
2007:01:02-12:12:33 (none) pluto[3985]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
2007:01:02-12:12:33 (none) pluto[3985]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
2007:01:02-12:12:33 (none) pluto[3985]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
2007:01:02-12:12:33 (none) pluto[3985]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
2007:01:02-12:12:33 (none) pluto[3985]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
2007:01:02-12:12:33 (none) pluto[3985]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
2007:01:02-12:12:33 (none) pluto[3985]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
2007:01:02-12:12:33 (none) pluto[3985]: no helpers will be started, all cryptographic operations will be done inline
2007:01:02-12:12:33 (none) pluto[3985]: Using KLIPS IPsec interface code on 2.6.10-58-default
2007:01:02-12:12:33 (none) pluto[3985]: Changing to directory '/etc/ipsec.d/cacerts'
2007:01:02-12:12:33 (none) pluto[3985]:   loaded CA cert file 'Baader_Computer_Certification_Authority.pem' (1529 bytes)
2007:01:02-12:12:33 (none) pluto[3985]: Could not change to directory '/etc/ipsec.d/aacerts'
2007:01:02-12:12:33 (none) pluto[3985]: Could not change to directory '/etc/ipsec.d/ocspcerts'
2007:01:02-12:12:33 (none) pluto[3985]: Changing to directory '/etc/ipsec.d/crls'
2007:01:02-12:12:33 (none) pluto[3985]:   Warning: empty directory
2007:01:02-12:12:33 (none) pluto[3985]: listening for IKE messages
2007:01:02-12:12:33 (none) pluto[3985]: adding interface ipsec0/eth0 192.168.89.254:500
2007:01:02-12:12:33 (none) pluto[3985]: adding interface ipsec0/eth0 192.168.89.254:4500
2007:01:02-12:12:33 (none) pluto[3985]: loading secrets from "/etc/ipsec.secrets"
2007:01:02-12:12:33 (none) pluto[3985]:   loaded private key file '/etc/ipsec.d/private/BC_Host_Prastaro_Firewall_Certificate_1.pem' (1743 bytes)
2007:01:02-12:12:33 (none) pluto[3985]:   loaded private key file '/etc/ipsec.d/private/BC_Host_Prastaro_Firewall_Certificate_1.pem' (1743 bytes)
2007:01:02-12:12:33 (none) pluto[3985]:   loaded host cert file '/etc/x509cert.der' (1339 bytes)
2007:01:02-12:12:33 (none) pluto[3985]: added connection description "S_Test_Connection_0"
2007:01:02-12:12:33 (none) pluto[3985]:   loaded host cert file '/etc/x509cert.der' (1339 bytes)
2007:01:02-12:12:33 (none) pluto[3985]: added connection description "S_Test_Connection_1"

This thread was automatically locked due to age.