<div>
<div>Ok,</div>
<div> </div>
<div>My version is 2.4.x my rpm installed is openswan-2.4.4-1.0.FC4.1.i386.rpm, en my router and the linux I use md5, my router have: crypto ipsec transform-set DICE esp-3des esp-md5-hmac, in the linux have: esp=3des-md5-96
<br> </div>
<div>Sorry en the other mail I writo bad hte cisco configuration, I use md5 in both.</div>
<div> </div>
<div>Regards.<br> </div><br> </div>
<div><br> </div>
<div><span class="gmail_quote">On 3/28/06, <b class="gmail_sendername">Paul Wouters</b> <<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Tue, 28 Mar 2006, Vida Luz Arista wrote:<br><br>> vpn with a cisco 800, the problem es that the VPN can't be established, the
<br>> message error in my linux is: ipsec__plutorun: ...could not start conn<br>> "tunnelipsec"<br>><br>> I don't have firewall then I Haven't iptables rules, If I don't have<br>> firewall I need iptables rules ? is necesary?
<br><br>Only as of openswan 2.5 or 3.0 (not yet released)<br>openswan upto 2.4.x do not require iptables.<br><br>> conn tunnelipsec<br>> type=tunnel<br>> left=<a href="http://165.98.224.82"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "165.98.224.82" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 165.98.224.82
</a><br>> leftsubnet=<a href="http://172.16.1.0/24"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "172.16.1.0" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 172.16.1.0/24</a><br>> right= <a href="http://165.98.236.214"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "165.98.236.214" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 165.98.236.214</a><br>> rightsubnet=<a href="http://172.16.26.0/24"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "172.16.26.0" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 172.16.26.0/24
</a><br>> esp=3des-md5-96<br>> keyexchange=ike<br>> pfs=no<br>> authby=secret<br>> ikelifetime=7800<br>> compress=no<br>> auto=start<br>><br>
> include /etc/ipsec.d/no_oe.conf<br>><br>> ipsec.secrets<br>><br>> =========<br>><br>> <a href="http://165.98.224.82"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "165.98.224.82" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 165.98.224.82</a> <a href="http://165.98.236.214"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "165.98.236.214" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 165.98.236.214</a>: PSK "vp17226"
<br><br>> crypto ipsec transform-set DICE esp-3des esp-sha-hmac<br><br>On openswan you configure md5, on your vpn device sha1?<br>That does not match.<br><br>Not specifying any ike= or esp= lines will make openswan accept
<br>all sane defaults (md5,sha1,3des and aes)<br><br>Paul<br></blockquote></div><br>