<div>The server log is :</div>
<div>---------------------------------------------------------------------------------------------------------------</div>
<div>2007-09-06 16:20:50 system info 00536 IKE<**.30.115.**> <br>Phase 1: Negotiations have failed for user <CN=IPSEC,OU=Support,O=Dawningtech,L=Taipei,ST=Taiwan,C=TW>.<br>2007-09-06 16:20:50 system info 00536 IKE<**.30.115.**>
<br>Phase 1: No private key exists to sign packets.<br>2007-09-06 16:20:44 system info 00536 IKE<**.30.115.**> <br>Phase 1: Responder starts MAIN mode negotiations.<br>---------------------------------------------------------------------------------------------------------------
</div>
<div>the ipsec.conf is the same as I put in the x86 linux environment,</div>
<div>
<p>version 2.0 # conforms to second version of ipsec.conf specification</p>
<p>config setup<br> # Debug-logging controls: "none" for (almost) none, "all" for lots.<br> klipsdebug=all<br> plutodebug=all<br> nat_traversal=yes<br> interfaces="%defaultroute"
</p>
<p>include /etc/ipsec.d/no_oe.conf<br> <br>conn net-to-net<br> authby=rsasig<br> compress=yes<br> esp=3DES-SHA1-96<br> left=%defaultroute<br> leftsubnet=<a href="http://192.168.1.0/24">192.168.1.0/24
</a><br> leftnexthop=%defaultroute<br> leftcert=/etc/ipsec.d/mycert2.pem<br> leftrsasigkey=%cert<br> right=**.**.**.**<br> rightid="@<a href="http://SSG550.sti.com.tw">SSG550.sti.com.tw</a>"
<br> rightsubnet=<a href="http://10.2.111.0/24">10.2.111.0/24</a><br> rightnexthop=%defaultroute <br> auto=add<br> pfs=no</p></div>
<div>--------------------------------------------------------------------------------</div>
<div>Maybe you can give me a hint !</div>
<div> </div>
<div>Thanks</div>
<div><br> </div>
<div><span class="gmail_quote">2007/9/21, Paul Wouters <<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>>:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Fri, 21 Sep 2007, ??? wrote:<br><br>> I have a client embedded machine which will connect to the remote IPSEC
<br>> server(juniper's SSG550 machine). The embedded machine is arm based machine<br>> and its kernel is linux 2.4.19 .<br>> I crosscompile openswan 2.4.9 with NAT-T patch/Klips and copy it to the<br>> embedded
machine.But it always show the error message:<br>><br>><br>> pluto[217]: "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>><br>> 108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
<br>><br>> pluto[217]: | modecfg pull: noquirk policy:push not-client<br>> pluto[217]: | phase 1 is done, looking for phase 1 to unpend<br>> pluto[217]: | next event EVENT_RETRANSMIT in 10 seconds for #1<br><br>
This doesn't seem to relate to arm vs x86. Are you sure the configuration<br>isn't different and that is causing the problem?<br><br>Why is the other end not sending the next packet? What is it its log?<br><br>Paul
<br></blockquote></div><br>