I was configuring an IPsec tunnel between two sites. Both ends have Ubuntu machines, and so far the configuration was correct. So I restarted the ipsec service and tried to initialise the connection with the command below, as usual.
The connection was trying to negotiate on the other end but ended up with this reason on this side. I searched everywhere and finally started searching the logs. Finally I came across something useful in syslog:
Sep 26 15:18:40 hydgw pluto: adjusting ipsec.d to /etc/ipsec.d
Sep 26 15:18:40 hydgw ipsec__plutorun: 002 added connection description "cloud"
Sep 26 15:18:40 hydgw ipsec__plutorun: 003 ERROR: problem with secrets file "/etc/etc/ipsec.d". Errno 2: No such file or directory
Sep 26 16:17:01 hydgw CRON[7731]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
I opened /etc/ipsec.conf
root@site1:~# /etc/init.d/ipsec restart
root@site1:~# ipsec whack --initiate --name cloud
000 initiating all conns with alias='cloud'
021 no connection named "cloud"
root@site1:~# vim /var/log/syslog
root@site1:~# vim /etc/ipsec.conf
#conn sample
# # Left security gateway, subnet behind it, nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it,
# # at startup, uncomment this.
# #auto=add
#include /etc/ipsec.d/*.conf
The include /etc/ipsec.d/*.conf line is commented. The reason for the error, I guess, is that the daemon keeps searching for the config file in the wrong location, which was mentioned in the ERROR: line from syslog.
I simply uncommented it and restarted, and the issue was resolved.
NOTE: Not only in /etc/ipsec.conf; also uncomment include etc/ipsec.d/*.secrets in the /etc/ipsec.secrets file if the issue persists.
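A pre-restart check for the condition this post describes, as an added example that is not part of the original post: it lists every include directive in an ipsec.conf or ipsec.secrets style file and reports whether it is commented out or matches no file. The function names lint_includes and make_sample are hypothetical, the sample tree is constructed, and relative patterns are assumed to resolve against the including file's directory, as ipsec.secrets(5) describes.

```shell
#!/bin/sh
# lint_includes FILE: classify each "include" directive in an ipsec.conf
# or ipsec.secrets style file. Prints STATUS<TAB>RESOLVED-PATTERN:
#   COMMENTED  the directive is commented out, so it is never read
#   NOMATCH    active, but the pattern matches no existing file
#   OK         active and matching at least one file
# Assumption: a relative pattern resolves against the directory of the
# including file, as ipsec.secrets(5) describes.
lint_includes() {
    file=$1
    dir=$(dirname "$file")
    awk '{ l = $0; sub(/^[ \t]*/, "", l); c = sub(/^#[ \t]*/, "", l) }
         l ~ /^include[ \t]+[^ \t]/ {
             split(l, f, /[ \t]+/)
             s = c ? "commented" : "active"
             print s, f[2]
         }' "$file" |
    while read -r state pat; do
        case $pat in /*) full=$pat ;; *) full=$dir/$pat ;; esac
        matched=no
        for f in $full; do        # unquoted on purpose: expand the glob
            if [ -e "$f" ]; then matched=yes; break; fi
        done
        if [ "$state" = commented ]; then status=COMMENTED
        elif [ "$matched" = no ]; then status=NOMATCH
        else status=OK; fi
        printf '%s\t%s\n' "$status" "$full"
    done
}

# make_sample: build a constructed /etc-like tree under a temp dir (sample
# data for this example, not the author's files) and print its path.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/ipsec.d"
    : > "$root/etc/ipsec.d/cloud.conf"
    : > "$root/etc/ipsec.d/cloud.secrets"
    printf '%s\n' 'version 2.0' '#conn sample' '# left=10.0.0.1' \
        "#include $root/etc/ipsec.d/*.conf" > "$root/etc/ipsec.conf"
    printf '%s\n' 'include etc/ipsec.d/*.secrets' \
        "include $root/etc/ipsec.d/*.secrets" > "$root/etc/ipsec.secrets"
    printf '%s\n' "$root"
}

sample=$(make_sample)
lint_includes "$sample/etc/ipsec.conf"      # COMMENTED: the conn files are never loaded
lint_includes "$sample/etc/ipsec.secrets"   # NOMATCH (doubled etc/etc path), then OK
rm -rf "$sample"
```

Run against the real /etc/ipsec.conf and /etc/ipsec.secrets, any COMMENTED or NOMATCH line is worth resolving before restarting the service.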