<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Paul<br>
<br>
Thanks for your advice~<br>
I finally found that the error was my gateway's interface not being added to
openswan at boot time.<br>
So it's not openswan's error.<br>
I'll tune my connection configuration with your advice, thanks a lot.<br>
<br>
Mix<br>
<br>
Paul Wouters wrote:
<blockquote cite="midPine.LNX.4.64.0702061638260.1768@tla.xelerance.com"
type="cite">
<pre wrap="">On Tue, 6 Feb 2007, mix wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Subject: Re: [Openswan Users] How to setup site-to-site with two pppoe
openswan gateway?
I got this message
000 #65: "site_192.168.6.0_24-192.168.2.0_24":500 STATE_MAIN_I1 (sent
MI1, expecting MR1); EVENT_RETRANSMIT in 21s; nodpd
000 #65: pending Phase 2 for "site_192.168.6.0_24-192.168.2.0_24"
replacing #0
</pre>
</blockquote>
<pre wrap=""><!---->
Disable plutodebug= and klipsdebug=, restart openswan, and then start
from scratch, showing us the entire log.
I can't tell for sure by this one line, but it might be that port 500 udp
is filtered on one or both ends, either by the ISP or by your gateways.
</pre>
<blockquote type="cite">
<pre wrap="">conn site_192.168.2.0_24-192.168.6.0_24
    left=a.b.c.d
    leftsubnet=192.168.2.0/24
    right=w.x.y.z
    rightsubnet=192.168.6.0/24
    ike=AES256-SHA1-MODP1536,AES256-SHA1-MODP1024,AES256-SHA1-MODP768
    esp=AES256-SHA1-96
</pre>
</blockquote>
<pre wrap=""><!---->
ike= and esp= lines shouldn't be needed for openswan-openswan connections.
</pre>
<blockquote type="cite">
<pre wrap="">    dpddelay=10
    dpdtimeout=15
    keyingtries=%forever
    keylife=24h
    ikelifetime=8h
    rekey=no
</pre>
</blockquote>
<pre wrap=""><!---->
You probably want rekey=yes so the tunnel stays up for longer than keylife,
which you set to 24h.
Paul
</pre>
</blockquote>
<br>
</body>
</html>