<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Arial">Hi Paul,<br>
<br>
Thanks for the response. No, not win95 thankfully :-) My organisation
has a vpn server that is running freeswan 1.4 off RH 5.2. It's been
around for years.<br>
<br>
I have been tasked with getting a new remote firewall running FC7 with
openswan to connect to the above.<br>
<br>
I cannot simply replace the RH 5.2 vpn server because there are other
vpn servers in non-local locations who are using it. They are all RH
9. So unless I replace the 5.2 machine and ALL the other non-local
machines at the same time, I am stuck with it.<br>
<br>
At this stage basic functionality is more important that security and
versatility. If I can get the FC7 openswan to talk to and connect to
the RH 9 Freeswan, I'd be very content for the time being and then I
can make a case to replace all the other vpns servers over time.<br>
<br>
I have made some progress and have the ipsec.secrets and ipsec.conf
file configured at both ends.<br>
<br>
I am getting the following error when i restart ipsec on the freeswan
side:<br>
<br>
</font></font><font size="-1"><font face="Arial">ipsec_setup: 102
"<conn_name>" #15: STATE_MAIN_I1: initiate<br>
ipsec_setup: 010 "</font></font><font size="-1"><font face="Arial"><conn_name></font></font><font
size="-1"><font face="Arial">" #15: STATE_MAIN_I1: retransmission<br>
ipsec_setup: 010 "</font></font><font size="-1"><font face="Arial"><conn_name></font></font><font
size="-1"><font face="Arial">" #15: STATE_MAIN_I1: retransmission<br>
ipsec_setup: 031 "</font></font><font size="-1"><font face="Arial"><conn_name></font></font><font
size="-1"><font face="Arial">" #15: STATE_MAIN_I1: too many
retransmissions<br>
ipsec_setup: 000 "</font></font><font size="-1"><font face="Arial"><conn_name></font></font><font
size="-1"><font face="Arial">" #15: starting keying attempt 2 of an
unlimited number, but releasing whack<br>
<br>
And I cannot ping either subnet from the other.<br>
<br>
So before I started troubleshooting, I wanted to ensure that it is
possible to do what I am trying to do.<br>
</font></font>
<pre class="moz-signature" cols="72">Regards,
Arjun Datta
Great Gulf Homes / Ashton Woods Homes
416 441 1262 x2822
</pre>
<br>
<br>
Paul Wouters wrote:
<blockquote
cite="mid:Pine.LNX.4.64.0801251828070.9299@newtla.xelerance.com"
type="cite">
<pre wrap="">On Fri, 25 Jan 2008, Arjun Datta wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Can Openswan U2.4.7/K on 2.6.23.12-52.fc7 connect to FreeSwan 1.4 ?
</pre>
</blockquote>
<pre wrap=""><!---->
Not if you need X509, NAT-T, XAUTH, IKEv2 and if you dont run in any
of th many bugs in freeswan 1.4, which is what? 10 years old?
Are you still running windows 95?
</pre>
<blockquote type="cite">
<pre wrap="">I believe the FreeSwan server is RH 5.2 (Don't ask :- )
</pre>
</blockquote>
<pre wrap=""><!---->
It's a huge security risk.
Paul
</pre>
</blockquote>
</body>
</html>