<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=big5">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2>
<DIV><BR></DIV><FONT size=2>
<DIV><STRONG><U><FONT face=Times></FONT></U></STRONG> </DIV>
<DIV><STRONG><U><FONT face=Times>Subnet-to-Subnet configuration :
Win2000-to-Freeswan (PSK).</FONT></U></STRONG></DIV>
<DIV><STRONG><U><FONT face=Times></FONT></U></STRONG> </DIV>
<DIV>Hello All,</DIV>
<DIV> </DIV>
<DIV>I am trying to establish a NET-NET VPN between WIN2K and
openswan-1.0.1.</DIV>
<DIV>The following is the configuration and log.</DIV>
<DIV>The connection seems to have been established, but host-B can't ping host-A.</DIV>
<DIV>If you have any idea, please let me know.</DIV>
<DIV>Thanks.</DIV>
<DIV> </DIV>
<DIV>Alvin</DIV>
<DIV> </DIV>
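<DIV><FONT face=Fixedsys
size=1>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;LINUX-9.0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;tunnel&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WIN2K</FONT>
<DIV>
<DIV><FONT face=Fixedsys size=1>host-B ----------OPENSWAN-gateway ================== Gateway -------------------- host-A</FONT></DIV>
<DIV><FONT face=Fixedsys
size=1>192.168.5.133 192.168.5.254 172.19.35.150 172.19.35.200 192.168.1.254 192.168.1.100</FONT></DIV></DIV></DIV>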
<DIV> </DIV>
<DIV>conn psk-gw<BR>
&nbsp;&nbsp;&nbsp;&nbsp;authby=secret<BR>
&nbsp;&nbsp;&nbsp;&nbsp;left=172.19.35.150<BR>
&nbsp;&nbsp;&nbsp;&nbsp;leftnexthop=172.19.35.200<BR>
&nbsp;&nbsp;&nbsp;&nbsp;rightsubnet=192.168.5.0/24<BR>
&nbsp;&nbsp;&nbsp;&nbsp;right=172.19.35.200<BR>
&nbsp;&nbsp;&nbsp;&nbsp;rightnexthop=172.19.35.150<BR>
&nbsp;&nbsp;&nbsp;&nbsp;rightsubnet=192.168.1.0/24<BR>
&nbsp;&nbsp;&nbsp;&nbsp;auto=add</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR># ipsec auto --add up psk-gw<BR>Jan 1 03:47:46 pluto[858]:
"psk-gw" #1: initiating Main Mode</DIV>
<DIV> </DIV>
<DIV>104 "psk-gw" #1: STATE_MAIN_I1: initiate<BR>Jan 1 03:47:46
pluto[858]: "psk-gw" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000002]</DIV>
<DIV> </DIV>
<DIV>003 "psk-gw" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000002]<BR>Jan 1 03:47:47 pluto[858]: "psk-gw" #1: transition from state
STATE_MAIN_I1 to state STATE_MAIN_I2</DIV>
<DIV> </DIV>
<DIV>106 "psk-gw" #1: STATE_MAIN_I2: sent MI2, expecting MR2<BR>Jan 1
03:47:47 pluto[858]: "psk-gw" #1: discarding duplicate packet; already
STATE_MAIN_I2</DIV>
<DIV> </DIV>
<DIV>003 "psk-gw" #1: discarding duplicate packet; already
STATE_MAIN_I2<BR>Jan 1 03:47:48 pluto[858]: "psk-gw" #1: WARNING:
compute_dh_shared(): for OAKLEY_GROUP_MODP1024 took 860000 usec</DIV>
<DIV> </DIV>
<DIV>003 "psk-gw" #1: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP1024
took 860000 usec<BR>Jan 1 03:47:48 pluto[858]: "psk-gw" #1: transition
from state STATE_MAIN_I2 to state STATE_MAIN_I3</DIV>
<DIV> </DIV>
<DIV>108 "psk-gw" #1: STATE_MAIN_I3: sent MI3, expecting MR3<BR>Jan 1
03:47:49 pluto[858]: "psk-gw" #1: discarding duplicate packet; already
STATE_MAIN_I3</DIV>
<DIV> </DIV>
<DIV>003 "psk-gw" #1: discarding duplicate packet; already
STATE_MAIN_I3<BR>Jan 1 03:47:49 pluto[858]: "psk-gw" #1: Main mode peer ID
is ID_IPV4_ADDR: '172.19.35.200'</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:47:49 pluto[858]: "psk-gw" #1: transition from state
STATE_MAIN_I3 to state STATE_MAIN_I4</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:47:49 pluto[858]: "psk-gw" #1: ISAKMP SA established</DIV>
<DIV> </DIV>
<DIV>004 "psk-gw" #1: STATE_MAIN_I4: ISAKMP SA established<BR>Jan 1
03:47:49 pluto[858]: "psk-gw" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK</DIV>
<DIV> </DIV>
<DIV>122 "psk-gw" #2: STATE_QUICK_I1: initiate<BR>Jan 1 03:47:50
pluto[858]: "psk-gw" #1: discarding duplicate packet; already
STATE_MAIN_I4</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:47:50 pluto[858]: "psk-gw" #2: IKE message has the Commit
Flag set but Pluto doesn't implement this feature; ignoring flag</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:47:50 pluto[858]: "psk-gw" #2: ignoring informational
payload, type IPSEC_RESPONDER_LIFETIME</DIV>
<DIV> </DIV>
<DIV>003 "psk-gw" #2: ignoring informational payload, type
IPSEC_RESPONDER_LIFETIME<BR>Jan 1 03:47:51 pluto[858]: "psk-gw" #2:
WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP1024 took 850000 usec</DIV>
<DIV> </DIV>
<DIV>003 "psk-gw" #2: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP1024
took 850000 usec<BR>Jan 1 03:48:01 pluto[858]: "psk-gw" #2: transition
from state STATE_QUICK_I1 to state STATE_QUICK_I2</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:01 pluto[858]: "psk-gw" #2: sent QI2, IPsec SA
established</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:01 pluto[858]: "psk-gw" #2: IKE message has the Commit
Flag set but Pluto doesn't implement this feature; ignoring flag</DIV>
<DIV> </DIV>
<DIV>004 "psk-gw" #2: STATE_QUICK_I2: sent QI2, IPsec SA
established<BR>Jan 1 03:48:01 pluto[858]: "psk-gw" #2: retransmitting in
response to duplicate packet; already STATE_QUICK_I2</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:01 pluto[858]: "psk-gw" #2: IKE message has the Commit
Flag set but Pluto doesn't implement this feature; ignoring flag</DIV>
<DIV> </DIV>
<DIV># Jan 1 03:48:01 pluto[858]: "psk-gw" #2: retransmitting in response
to duplicate packet; already STATE_QUICK_I2</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:01 pluto[858]: "psk-gw" #2: IKE message has the Commit
Flag set but Pluto doesn't implement this feature; ignoring flag</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:01 pluto[858]: "psk-gw" #2: discarding duplicate packet
-- exhausted retransmission; already STATE_QUICK_I2</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:01 pluto[858]: "psk-gw" #2: IKE message has the Commit
Flag set but Pluto doesn't implement this feature; ignoring flag</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:02 pluto[858]: "psk-gw" #2: message ignored because it
contains an unexpected payload type (ISAKMP_NEXT_HASH).</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:02 pluto[858]: "psk-gw" #2: sending encrypted
notification INVALID_PAYLOAD_TYPE to 172.19.35.200:500</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:02 pluto[858]: "psk-gw" #2: IKE message has the Commit
Flag set but Pluto doesn't implement this feature; ignoring flag</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:02 pluto[858]: "psk-gw" #2: message ignored because it
contains an unexpected payload type (ISAKMP_NEXT_HASH).</DIV>
<DIV> </DIV>
<DIV>Jan 1 03:48:02 pluto[858]: "psk-gw" #2: sending encrypted
notification INVALID_PAYLOAD_TYPE to 172.19.35.200:500</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># ipsec spi<BR>
tun0x100a@172.19.35.200 IPIP: dir=out src=172.19.35.150 life(c,s,h)=addtime(105,0,0)<BR>
esp0xfb8da032@172.19.35.150 ESP_3DES_HMAC_MD5: dir=in src=172.19.35.200 iv_bits=64bits iv=0x556cd595fd5bcc1f ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(106,0,0)<BR>
esp0xf0fc7dbd@172.19.35.200 ESP_3DES_HMAC_MD5: dir=out src=172.19.35.150 iv_bits=64bits iv=0xdf4551ac23792b31 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(105,0,0)<BR>
tun0x1009@172.19.35.150 IPIP: dir=in src=172.19.35.200 life(c,s,h)=addtime(106,0,0)</FONT></DIV></FONT></DIV></BODY></HTML>