<br><br>
<div><span class="gmail_quote">2007/9/27, Paul Wouters <<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>>:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Thu, 27 Sep 2007, ??? wrote:<br><br>> The server log is :<br>> ---------------------------------------------------------------------------------------------------------------
<br>> 2007-09-06 16:20:50 system info 00536 IKE<**.30.115.**><br>> Phase 1: Negotiations have failed for user<br>> <CN=IPSEC,OU=Support,O=Dawningtech,L=Taipei,ST=Taiwan,C=TW>.<br>> 2007-09-06 16:20:50 system info 00536 IKE<**.30.115.**>
<br>> Phase 1: No private key exists to sign packets.<br>> 2007-09-06 16:20:44 system info 00536 IKE<**.30.115.**><br>> Phase 1: Responder starts MAIN mode negotiations.<br><br>So it looks like an issue on that device then, not on openswan?
<br><br>> conn net-to-net<br>> authby=rsasig<br>> compress=yes<br>> esp=3DES-SHA1-96<br>> left=%defaultroute<br>> leftsubnet=<a href="http://192.168.1.0/24">192.168.1.0/24</a>
<br>> leftnexthop=%defaultroute<br>> leftcert=/etc/ipsec.d/mycert2.pem<br>> leftrsasigkey=%cert<br>> right=**.**.**.**<br>> rightid="@<a href="http://SSG550.sti.com.tw">SSG550.sti.com.tw
</a>"<br><br>Looks like the <a href="http://SSG550.sti.com.tw">SSG550.sti.com.tw</a> end has no private key loaded?<br>Or openswan is using a different CA then the other end?<br>Or you are not using a CA, in which case you should load the right
<br>cert manually?<br><br><br>Paul<br></blockquote></div>
<div> </div>
<div>the same openswan version and the certificate/key is the same as I put them on the x86 linux environment. And it run correctly! the same config file and CA key file. </div>
<div>,I don't know is there any other lib... that I should copy to the embedded machine.<br> </div>