Hi paul,<br>
<br>
I changed the system i was using and now m using a fedora 2.6.5 and a
2.6.10 sys and now its able to create a isakmp SA, but getting stuck at quick mode as seen below.<br>
<br>
Thanks,<br>
Aheesh<br>
<br>
P.S. : I fail to understand why my previous attempts with a 2.6.10 and a 2.6.9 Fedora were resulting in rsa wrong key? error.<br>
<br>
==================================================================<br>
[root@DT345 root]# ipsec auto --up wind<br>
104 "wind" #1: STATE_MAIN_I1: initiate<br>
003 "wind" #1: received Vendor ID payload [Openswan (this version)
2.3.1 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<br>
003 "wind" #1: received Vendor ID payload [Dead Peer Detection]<br>
106 "wind" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>
108 "wind" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>
004 "wind" #1: STATE_MAIN_I4: ISAKMP SA established<br>
117 "wind" #2: STATE_QUICK_I1: initiate<br>
003 "wind" #2: ERROR: netlink response for Add SA <a href="mailto:esp.951111a8@172.22.67.104">esp.951111a8@172.22.67.104</a> included errno 38: Function not implemented<br>
032 "wind" #2: STATE_QUICK_I1: internal error<br>
003 "wind" #2: ERROR: netlink response for Add SA <a href="mailto:esp.951111a8@172.22.67.104">esp.951111a8@172.22.67.104</a> included errno 38: Function not implemented<br>
032 "wind" #2: STATE_QUICK_I1: internal error<br>
010 "wind" #2: STATE_QUICK_I1: retransmission; will wait 20s for response<br>
003 "wind" #2: ERROR: netlink response for Add SA <a href="mailto:esp.951111a8@172.22.67.104">esp.951111a8@172.22.67.104</a> included errno 38: Function not implemented<br>
032 "wind" #2: STATE_QUICK_I1: internal error<br>
010 "wind" #2: STATE_QUICK_I1: retransmission; will wait 40s for response<br>
003 "wind" #2: ERROR: netlink response for Add SA <a href="mailto:esp.951111a8@172.22.67.104">esp.951111a8@172.22.67.104</a> included errno 38: Function not implemented<br>
032 "wind" #2: STATE_QUICK_I1: internal error<br>
031 "wind" #2: max number of retransmissions (2) reached
STATE_QUICK_I1. No acceptable response to our first Quick Mode
message: perhaps peer likes no proposal<br>
000 "wind" #2: starting keying attempt 2 of an unlimited number, but releasing whack<br>
<br>====================================================================<br>
<br>
<br><div><span class="gmail_quote">On 1/10/06, <b class="gmail_sendername">Paul Wouters</b> <<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Tue, 10 Jan 2006, aheesh nagraj wrote:<br><br>> I have 2 fedora 2.6 systmes with openswan-2.3.1 installed.<br><br>yum update to get openswan-2.4.x<br><br>> Jan 10 12:39:02 aheesh_sys pluto[3787]: "net-to-net" #97: Signature check
<br>> (on <a href="http://172.22.67.104"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "172.22.67.104" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 172.22.67.104</a>) failed (wrong key?); tried *AQOaBoHjT<br><br>You eithe raccidentally switcheft left/rightrsasigkey= or you made a cut and<br>paste error, or you are just using the wrong public keys. Run ipsec showhostkey --left
<br>on one end and ipsec showhostkey --right on the other end tr yagain.<br><br>Paul<br></blockquote></div><br>