<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META content="MSHTML 6.00.3790.2817" name=GENERATOR></HEAD>
<BODY>
<DIV>Hi, all:</DIV>
<DIV> </DIV>
<DIV>I can set up openswan to talk to both openswan and strongswan.</DIV>
<DIV>But when I try it with Xp(SP2) or windows 2003 (SP1). Neither works.</DIV>
<DIV>My kernel is 2.6.17 using netkey.</DIV>
<DIV>My openswan is 2.4.5</DIV>
<DIV> </DIV>
<DIV>It seems my /var/log/secure doesn't exists, I use tcpdump port
500</DIV>
<DIV>to print the message. Also on windows, I check the file oakley.log
file.</DIV>
<DIV> </DIV>
<DIV>I can see the phase 1 succeeds, the problem is with phase 2.</DIV>
<DIV>The following log file shows.</DIV>
<DIV>Xp sends openswan</DIV>
<DIV> exchange: Oakley Quick
Mode<BR>Openswan replies:</DIV>
<DIV> exchange: ISAKMP Informational
Exchange</DIV>
<DIV>Any suggestions?</DIV>
<DIV> </DIV>
<DIV>Thank you very much.</DIV>
<DIV> </DIV>
<DIV>George Wu</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Openswan box: (192.168.1.131). </DIV>
<DIV> </DIV>
<DIV>15:27:57.797610 IP 192.168.1.128.500 > 192.168.1.131.500: isakmp: phase
2/others<BR> I oakley-quick[E]<BR>15:28:00.057977 IP 192.168.1.131.500 >
192.168.1.128.500: isakmp: phase 2/others<BR> R inf[E]<BR>15:28:02.026189
IP 192.168.1.131.500 > 192.168.1.128.500: isakmp: phase 2/others<BR> R
inf[E]<BR>15:28:03.083805 IP 192.168.1.128.500 > 192.168.1.131.500: isakmp:
phase 2/others<BR> I oakley-quick[E]<BR>15:28:04.902313 IP
192.168.1.131.500 > 192.168.1.128.500: isakmp: phase 2/others<BR> R
inf[E]<BR>15:28:07.810272 IP 192.168.1.128.500 > 192.168.1.131.500: isakmp:
phase 2/others<BR> I oakley-quick[E]<BR>15:28:09.619009 IP
192.168.1.131.500 > 192.168.1.128.500: isakmp: phase 2/others<BR> R
inf[E]<BR>15:28:12.735945 IP 192.168.1.128.500 > 192.168.1.131.500: isakmp:
phase 2/others<BR> I inf[E]<BR>15:28:13.898832 IP 192.168.1.131.500 >
192.168.1.128.500: isakmp: phase 2/others<BR> R inf[E]</DIV>
<DIV> </DIV>
<DIV>Xp box (192.168.1.128). </DIV>
<DIV> </DIV>
<DIV> 2-03: 16:00:49:7:7c8 Sending: SA = 0x018203C0 to 192.168.1.131:Type
2.500<BR> 2-03: 16:00:49:7:7c8 ISAKMP Header: (V1.0), len =
1300<BR> 2-03: 16:00:49:7:7c8 I-COOKIE
1402e523840656ca<BR> 2-03: 16:00:49:7:7c8 R-COOKIE
e0aa9e696a1964e6<BR> 2-03: 16:00:49:7:7c8 exchange: Oakley
Quick Mode<BR> 2-03: 16:00:49:7:7c8 flags: 1 ( encrypted
)<BR> 2-03: 16:00:49:7:7c8 next payload: HASH<BR> 2-03:
16:00:49:7:7c8 message ID: 1921faed<BR> 2-03: 16:00:49:7:7c8
Ports S:f401 D:f401<BR> 2-03: 16:00:49:741:868 <BR> 2-03:
16:00:49:741:868 Receive: (get) SA = 0x018203c0 from
192.168.1.131.500<BR> 2-03: 16:00:49:741:868 ISAKMP Header: (V1.0), len =
68<BR> 2-03: 16:00:49:741:868 I-COOKIE
1402e523840656ca<BR> 2-03: 16:00:49:741:868 R-COOKIE
e0aa9e696a1964e6<BR> 2-03: 16:00:49:741:868 exchange: ISAKMP
Informational Exchange<BR> 2-03: 16:00:49:741:868 flags: 1 (
encrypted )<BR> 2-03: 16:00:49:741:868 next payload:
HASH<BR> 2-03: 16:00:49:741:868 message ID:
1740b820<BR> 2-03: 16:00:49:741:868 processing HASH
(Notify/Delete)<BR> 2-03: 16:00:49:741:868 processing payload
NOTIFY<BR> 2-03: 16:00:49:741:868 notify:
INVALID-ID-INFORMATION<BR> 2-03: 16:00:49:741:868 isadb_set_status
sa:018203C0 centry:00000000 status 3601<BR> 2-03: 16:00:50:678:868 </DIV>
<DIV> </DIV></BODY></HTML>