<div>Dear all:</div>
<div>I installed openswan 2.4.9 on ARM linux 2.4.19 </div>
<div>my config file is as follows:</div>
<div><br>config setup<br> klipsdebug=all<br> plutodebug=all<br> nat_traversal=yes<br> interfaces="%defaultroute"</div>
<div>
<p>include /etc/ipsec.d/examples/no_oe.conf<br> <br>conn net-to-net<br> left=%defaultroute<br> leftsubnet=<a href="http://192.168.0.0/24">192.168.0.0/24</a><br> leftnexthop=%defaultroute<br> leftcert=/etc/ipsec.d/mycert2.pem
<br> leftrsasigkey=%cert<br> right=<a href="http://211.78.84.93">211.78.84.93</a><br> rightsubnet=<a href="http://10.2.111.0/24">10.2.111.0/24</a><br> rightid="@<a href="http://SSG550.sti.com.tw">SSG550.sti.com.tw</a>
"<br> rightnexthop=%defaultroute <br> auto=add<br> pfs=no</p></div>
<div> </div>
<div>The error message started :</div>
<div>
<p>------------------------------------------------------------------------------------------------------------------------------<br>pluto[2176]: | command executing up-client</p>
<p>pluto[2176]: | trusted_ca called with a=C=TW, ST=Taiwan, L=Taipei, O=Dawningtech, OU=Support, CN=Dawningtech b=(empty)</p>
<p>pluto[2176]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='net-to-net' PLUTO_NEXT_HOP='<a href="http://192.168.0.1">192.168.0.1</a>' PLUTO_INTERFACE='ipsec0' PLUTO_ME='
<a href="http://192.168.0.200">192.168.0.200</a>' PLUTO_MY_ID='C=TW, ST=Taiwan, L=Taipei, O=Dawningtech, OU=Support, CN=IPSEC' PLUTO_MY_CLIENT='<a href="http://192.168.0.0/24">192.168.0.0/24</a>' PLUTO_MY_CLIENT_NET='
<a href="http://192.168.0.0">192.168.0.0</a>' PLUTO_MY_CLIENT_MASK='<a href="http://255.255.255.0">255.255.255.0</a>' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='<a href="http://211.78.84.93">
211.78.84.93</a>' <a href="mailto:PLUTO_PEER_ID='@SSG550.sti.com.tw'">PLUTO_PEER_ID='@SSG550.sti.com.tw'</a> PLUTO_PEER_CLIENT='<a href="http://10.2.111.0/24">10.2.111.0/24</a>' PLUTO_PEER_CLIENT_NET='
<a href="http://10.2.111.0">10.2.111.0</a>' PLUTO_PEER_CLIENT_MASK='<a href="http://255.255.255.0">255.255.255.0</a>' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=TW, ST=Taiwan, L=Taipei, O=Dawningtech, OU=Support, CN=Dawningtech' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+UP' ipsec _updown
</p>
<p>pluto[2176]: "net-to-net" #2: up-client output: ip: an inet address is expected rather than "cache".</p>
<p>pluto[2176]: "net-to-net" #2: up-client command exited with status 1</p>
<p>pluto[2176]: | route_and_eroute: firewall_notified: false</p>
<p>pluto[2176]: | eroute_connection delete eroute <a href="http://192.168.0.0/24:0">192.168.0.0/24:0</a> --0-> <a href="http://10.2.111.0/24:0">10.2.111.0/24:0</a> => <a href="mailto:tun.1002@211.78.84.93">tun.1002@211.78.84.93
</a> (raw_eroute)</p>
<p>..............................................</p>
<p><br>003 "net-to-net" #2: discarding duplicate packet; already STATE_QUICK_I1<br>pluto[2176]: | next event EVENT_RETRANSMIT in 39 seconds for #2</p>
<p>----------------------------------------------------------------------------------------------------------------------------------</p>
<p><font color="#ff6666">After my debugging, I found this problem happened because "ip route flush cache" <br>command in uprule() of /usr/local/lib/ipsec/_updown file.</font></p>
<p> On my arm box,there is no "ip route flush cache" command to execute,so the security tunnel</p>
<p>can't setup completely.</p>
<p> </p>
<p>Anyone can give me direction to solve the problem !</p>
<p>Thanks<br></p></div>