# IPsec dont want to tunnel up

## slashlinux

Hello dear people,

I have a problem with my ipsec/openswan on my gentoo   :Shocked:  , it dont want to tunnel up and I have more errors.

My OS is :

```
cat /etc/*release

Gentoo Base System release 2.2

DISTRIB_ID="Gentoo"

NAME=Gentoo

ID=gentoo

PRETTY_NAME="Gentoo/Linux"

ANSI_COLOR="1;32"

HOME_URL="http://www.gentoo.org/"

SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"

BUG_REPORT_URL="https://bugs.gentoo.org/"

```

My version ipsec is :

```
Linux Openswan U2.6.38/K3.8.13-gentoo (netkey)

```

Problem with ipsec: 

```
Version check and ipsec on-path                                 [OK]

Linux Openswan U2.6.38/K3.8.13-gentoo (netkey)

Checking for IPsec support in kernel                            [OK]

 SAref kernel support                                           [N/A]

 NETKEY:  Testing XFRM related proc values                      [OK]

        [OK]

        [OK]

Checking that pluto is running                                  [OK]

 Pluto listening for IKE on udp 500                             [OK]

 Pluto listening for NAT-T on udp 4500                          [OK]

Two or more interfaces found, checking IP forwarding            [FAILED]

Checking NAT and MASQUERADEing                                  [OK]

Checking for 'ip' command                                       [OK]

Checking /bin/sh is not /bin/dash                               [OK]

Checking for 'iptables' command                                 [OK]

Opportunistic Encryption Support                                [DISABLED]
```

```
 /etc/init.d/ipsec status

IPsec running  - pluto pid: 7173

pluto pid 7173

No tunnels up
```

In logs I have the following:

```
packet from 192.168.1.1:500: initial Main Mode message received on 193.169.2.178:500 but no connection has been authorized
```

The forwarding is activated :

```
# cat  /proc/sys/net/ipv4/ip_forward

1
```

What can I do now ,you can help me please?

I found the problem, I scanned the port 500 and it looks like :

```
PORT     STATE         SERVICE

500/udp open|filtered isakmp
```

Normally shoud be like this : 

```
PORT    STATE SERVICE

500/udp open  isakmp
```

How can I open this port?

Thank you

----------

## thegeezer

what device is on the other end ?

have you configured /etc/ipsec.secrets ?

what is in your /etc/ipsec.conf ?

the error "packet from 192.168.1.1:500: initial Main Mode message received on 193.169.2.178:500 but no connection has been authorized" says the other side was trying to call you but you ahve not configured to respond to it

re: the port being filtered, it's dependent on the device on the other end

----------

