Package: openswan
Version: 1:2.6.37-3
Severity: normal
Dear Maintainer,
I do have one network-interface with multiple alias addresses:
ip addr:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:d2:69:ff brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.202/24 brd 172.17.0.255 scope global eth0
    inet 172.17.0.232/24 scope global secondary eth0
    inet6 fe80::a00:27ff:fed2:69ff/64 scope link
       valid_lft forever preferred_lft forever
If I start up ipsec, I'll receive the following error:
root@Wheezy2:~# /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec 2.6.37-g955aaafb-dirty...
ipsec_setup: ipsec0 -> NULL mtu=0(0) -> 0
ipsec_setup: Error: either "local" is duplicate, or "eth0" is a garbage.
ipsec_setup: Error: either "local" is duplicate, or "eth0" is a garbage.
This only happens if I use the address 172.17.0.232.
If I use the main IP (172.17.0.202) of the interface, the problem doesn't appear.
This is a big problem for me, since I want to use openswan on a
heartbeat-shared-ip-address.
Thank you very much
Wolfgang Hotwagner
-- System Information:
Debian Release: 7.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_AT@euro, LC_CTYPE=iso_8859_1 (charmap=ISO-8859-15) (ignored: LC_ALL set to de_AT@euro)
Shell: /bin/sh linked to /bin/dash
Versions of packages openswan depends on:
ii bind9-host [host] 1:9.8.4.dfsg.P1-6+nmu2+deb7u1
ii bsdmainutils 9.0.3
ii debconf [debconf-2.0] 1.5.49
ii host 1:9.8.4.dfsg.P1-6+nmu2+deb7u1
ii iproute 20120521-3+b3
ii ipsec-tools 1:0.8.0-14
ii libc6 2.13-38
ii libcurl3 7.26.0-1+wheezy5
ii libgmp10 2:5.0.5+dfsg-2
ii libldap-2.4-2 2.4.31-1+nmu2
ii libpam0g 1.1.3-7.1
ii openssl 1.0.1e-2
openswan recommends no packages.
Versions of packages openswan suggests:
pn curl <none>
pn openswan-doc <none>
pn openswan-modules-source | openswan-modules-dkms <none>
-- Configuration Files:
/etc/ipsec.conf changed:
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Enable core dumps (might require system changes, like ulimit -C)
    # This is required for abrtd to work properly
    # Note: incorrect SElinux policies might prevent pluto writing the core
    dumpdir=/var/run/pluto/
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # It seems that T-Mobile in the US and Rogers/Fido in Canada are
    # using 25/8 as "private" address space on their 3G network.
    # This range has not been announced via BGP (at least upto 2010-12-21)
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    protostack=auto
    # Use this to log to a file, or disable logging on embedded systems (like openwrt)
    #plutostderrlog=/dev/null
    interfaces="ipsec0=eth0:0"
conn %default
    keyexchange=ike
    keyingtries=0
    authby=secret
    ike=aes256-sha1;modp2048
    ikelifetime=28800s
    auth=esp
    phase2alg=aes256-sha1;modp2048
    keylife=28800s
    pfs=yes
    compress=yes
    dpddelay=10
    dpdtimeout=120
    left=172.17.0.232
-- debconf information excluded