Hi,<br><br>I&#39;ve configured an Openswan to connect to a Check Point from a Linux machine with this doc: <a href="http://www.fw-1.de/aerasec/ng/vpn-freeswan/CP-FW1-NG+Linux-FreeSWAN-RoadWarrior.html">http://www.fw-1.de/aerasec/ng/vpn-freeswan/CP-FW1-NG+Linux-FreeSWAN-RoadWarrior.html
</a><br><br>But I&#39;ve this error in my logs when I start ipsec:<br><br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">loading secrets from &quot;/etc/ipsec/ipsec.secrets&quot;
<br>loaded private key file &#39;/etc/ipsec.d/private/freeswan-key.pem&#39; (1103 bytes)<br>&quot;freeswan-checkpoint-x509-net&quot; #1: max number of retransmissions (2) reached STATE_MAIN_I3.&nbsp; Possible authentication failure: no acceptable response to our first encrypted message
<br>&quot;freeswan-checkpoint-x509-net&quot; #1: starting keying attempt 2 of an unlimited number<br>&quot;freeswan-checkpoint-x509-net&quot; #2: initiating Main Mode to replace #1<br>&quot;freeswan-checkpoint-x509-net&quot; #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
<br>&quot;freeswan-checkpoint-x509-net&quot; #2: STATE_MAIN_I2: sent MI2, expecting MR2<br>&quot;freeswan-checkpoint-x509-net&quot; #2: ignoring CERT_CRL certificate request payload<br>&quot;freeswan-checkpoint-x509-net&quot; #2: I did not send a certificate because I do not have one.
<br>freeswan-checkpoint-x509-net&quot; #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>&quot;freeswan-checkpoint-x509-net&quot; #2: STATE_MAIN_I3: sent MI3, expecting MR3<br>&quot;freeswan-checkpoint-x509-net&quot; #2: ignoring informational payload, type INVALID_CERTIFICATE
<br clear="all"></blockquote><br>My ipsec.conf is this :<br><br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">conn freeswan-checkpoint-x509-net
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # Right side is FreeS/WAN RoadWarrior<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightrsasigkey=%cert<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; right=%defaultroute<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightid=&quot;/O=noc-jupiter..iu2ehn/OU=users/CN=test-marc&quot;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #rightcert=freeswan-cert.pem
 # As an alternative, the file itself can be specified<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # Left side is Check Point<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; left=XX.XX.XX.XX<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftsubnet=10.255.253.0/24<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftcert=checkpoint-cert.pem
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftrsasigkey=%cert<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #leftrsasigkey=0x0103......&nbsp; # only needed for old FreeS/WAN<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftid=XX.XX.XX.XX&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # Check Point VPN-1 send IP address as ID<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #leftid=&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # leave unset for old FreeS/WAN
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # config<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; type=tunnel<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyingtries=0<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; disablearrivalcheck=no<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authby=rsasig<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auth=esp<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ike=3des-sha-modp1024<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; esp=3des-sha1<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyexchange=ike
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auto=start<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pfs=no<br></blockquote><br><br>Can you please help me resolve my problem?<br>Thanks.<br><br>-- <br>------------------------<br>SoukoussMan<br><a href="mailto:SoukoussMan@gmail.com">SoukoussMan@gmail.com
</a>
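
Added example, not part of the original post: a small Python check that ties the two pluto log lines above ("I did not send a certificate because I do not have one" and INVALID_CERTIFICATE) to the conn definition, by flagging any side that sets rsasigkey=%cert without an active cert= line. The function names and the trimmed sample strings are constructed for illustration, and the parser assumes no '#' appears inside a quoted value.

```python
import re

# Constructed sample: the certificate-related lines of the conn posted above.
SAMPLE_CONF = """\
conn freeswan-checkpoint-x509-net
        rightrsasigkey=%cert
        right=%defaultroute
        #rightcert=freeswan-cert.pem
        left=XX.XX.XX.XX
        leftcert=checkpoint-cert.pem
        leftrsasigkey=%cert
"""

# Constructed sample: two of the pluto log lines posted above.
SAMPLE_LOG = """\
"freeswan-checkpoint-x509-net" #2: I did not send a certificate because I do not have one.
"freeswan-checkpoint-x509-net" #2: ignoring informational payload, type INVALID_CERTIFICATE
"""

# Log fragments mapped to short tags (tags are hypothetical names).
MARKERS = (("did not send a certificate", "no-cert-sent"),
           ("INVALID_CERTIFICATE", "peer-rejected-cert"))

def parse_conns(text):
    """Return {conn_name: {key: value}}; commented-out settings are ignored."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop whole-line and inline comments
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def sides_without_cert(conns):
    """List (conn, side) pairs using rsasigkey=%cert with no active cert= line."""
    return [(name, side)
            for name, opts in conns.items()
            for side in ("left", "right")
            if opts.get(side + "rsasigkey") == "%cert" and side + "cert" not in opts]

def cert_failures(log_text):
    """Return {conn_name: set of tags} for certificate-related log lines."""
    hits = {}
    for line in log_text.splitlines():
        m = re.match(r'"?([^"]+)" #\d+: (.*)', line)  # tolerate a lost opening quote
        for needle, tag in MARKERS:
            if m and needle in m.group(2):
                hits.setdefault(m.group(1), set()).add(tag)
    return hits
```

On the posted conn this reports the right side, the end with right=%defaultroute, whose rightcert line is commented out.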