<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=FR link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi Mehran, <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thanks for the quick feedback, much appreciated !<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Keys are (unfortunately) the same on both ends. My mistake when
I faked IPs and keys, sorry about that.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>As far as PFS is concerned, PFS is ON on the fortigate.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I understand default for Openswan is ON too, so that should
match … <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Is there any way to get more detailed and useful logs (other
than tcpdump and the likes) ?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Regards,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Jeff<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>De :</span></b><span lang=EN-US style='font-size:
10.0pt;font-family:"Tahoma","sans-serif"'> Mehran Toreihi
[mailto:vpnbook@gmail.com] <br>
<b>Envoyé :</b> mardi 26 août 2008 11:48<br>
<b>À :</b> MM.ST<br>
<b>Cc :</b> users@openswan.org<br>
<b>Objet :</b> Re: [Openswan Users] [configuration] pending Phase 2 for
"xxx" replacing #0<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><br>
</span>Hi,<br>
First of all check that your PSKs (Pre shared keys) are the same. In the
configuration that you have already sent they are NOT. (one is key and the
other is test).<br>
I have no idea for inter operating between Fortigate and Openswan.<br>
Also check Fortigate for PFS (Perfect forward Secracy) support.<br>
Hope you got it. Let me know.<br>
<br>
Mehran Toreihi.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class=MsoNormal>On Tue, Aug 26, 2008 at 10:47 AM, <a href="http://MM.ST">MM.ST</a>
<<a href="mailto:jfendrody@mm.st">jfendrody@mm.st</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p><span lang=EN-US>Dear Openswan experts,</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>I am brand new to openswan (and VPN in generals) and have
been googling with no success for 2 days trying to fix my problem.</span><o:p></o:p></p>
<p><span lang=EN-US>Any help from the community would be most welcome.</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>I am trying to connect 1 server to a network protected by a
Fortigate firewall through a VPN.</span><o:p></o:p></p>
<p><span lang=EN-US>I managed to get openswan running on linux (Ubuntu) --at
least I guess so...</span><o:p></o:p></p>
<p><span lang=EN-US>But I cannot get the VPN up and running...</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>Ok here comes the technical details. </span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>>> Let's start with the Fortigate configuration:</span><o:p></o:p></p>
<p><span lang=EN-US>Phase 1:</span><o:p></o:p></p>
<p><span lang=EN-US> - remote IP <a href="http://1.2.3.4" target="_blank">1.2.3.4</a></span><o:p></o:p></p>
<p><span lang=EN-US> - pre-shared key : "key"</span><o:p></o:p></p>
<p><span lang=EN-US> - Encryption : 3DES</span><o:p></o:p></p>
<p><span lang=EN-US> - Authentication : SHA1</span><o:p></o:p></p>
<p><span lang=EN-US> - Key lifetime : 28800 seconds</span><o:p></o:p></p>
<p><span lang=EN-US>Phase 2:</span><o:p></o:p></p>
<p><span lang=EN-US> - Encryption : 3DES</span><o:p></o:p></p>
<p><span lang=EN-US> - Authentication : SHA1</span><o:p></o:p></p>
<p><span lang=EN-US> - Key lifetime : 1800 seconds</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>>> Now the openswan configuration:</span><o:p></o:p></p>
<p><span lang=EN-US>/etc/ipsec.conf:</span><o:p></o:p></p>
<p><span lang=EN-US> config setup</span><o:p></o:p></p>
<p><span lang=EN-US> interfaces="ipsec0=eth0"</span><o:p></o:p></p>
<p><span lang=EN-US> nat_traversal=yes</span><o:p></o:p></p>
<p><span lang=EN-US> virtual_private=%v4:<a
href="http://10.0.0.0/8,%25v4:172.16.0.0/12,%25v4:%21192.168.254.0/24"
target="_blank">10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.254.0/24</a></span><o:p></o:p></p>
<p><span lang=EN-US> conn innov2demain</span><o:p></o:p></p>
<p><span lang=EN-US> left=<a href="http://1.2.3.4" target="_blank">1.2.3.4</a></span><o:p></o:p></p>
<p><span lang=EN-US> right=<a href="http://99.98.97.96"
target="_blank">99.98.97.96</a></span><o:p></o:p></p>
<p><span lang=EN-US> rightsubnet=<a href="http://192.168.254.0/24"
target="_blank">192.168.254.0/24</a></span><o:p></o:p></p>
<p><span lang=EN-US> keyexchange=ike</span><o:p></o:p></p>
<p><span lang=EN-US> auto=start</span><o:p></o:p></p>
<p><span lang=EN-US> authby=secret</span><o:p></o:p></p>
<p><span lang=EN-US> esp=3des</span><o:p></o:p></p>
<p><span lang=EN-US> compress=yes</span><o:p></o:p></p>
<p><span lang=EN-US> ikelifetime=1800</span><o:p></o:p></p>
<p><span lang=EN-US> # Disable Opportunistic Encryption</span><o:p></o:p></p>
<p><span lang=EN-US> include /etc/ipsec.d/examples/no_oe.conf</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>/etc/ipsec.secrets</span><o:p></o:p></p>
<p><span lang=EN-US> <a href="http://1.2.3.4" target="_blank">1.2.3.4</a>
<a href="http://99.98.97.96" target="_blank">99.98.97.96</a> : PSK
"test"</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>>> Here come the logs :</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>root@ks2228:/proc/sys/net/ipv4/conf# ipsec verify</span><o:p></o:p></p>
<p><span lang=EN-US> Checking your system to see if IPsec got installed
and started</span><o:p></o:p></p>
<p><span lang=EN-US> correctly:</span><o:p></o:p></p>
<p><span lang=EN-US> Version check and ipsec
on-path
[OK]</span><o:p></o:p></p>
<p><span lang=EN-US> Linux Openswan U2.4.6/K2.6.24.2-xxxx-std-ipv4-32
(netkey)</span><o:p></o:p></p>
<p><span lang=EN-US> Checking for IPsec support in
kernel
[OK]</span><o:p></o:p></p>
<p><span lang=EN-US> NETKEY detected, testing for disabled ICMP
send_redirects [OK]</span><o:p></o:p></p>
<p><span lang=EN-US> NETKEY detected, testing for disabled ICMP
accept_redirects [OK]</span><o:p></o:p></p>
<p><span lang=EN-US> Checking for RSA private key
(/etc/ipsec.secrets)
</span><o:p></o:p></p>
<p><span lang=EN-US> [DISABLED]</span><o:p></o:p></p>
<p><span lang=EN-US> ipsec showhostkey: no default key in
"/etc/ipsec.secrets"</span><o:p></o:p></p>
<p><span lang=EN-US> Checking that pluto is
running
[OK]</span><o:p></o:p></p>
<p><span lang=EN-US> Two or more interfaces found, checking IP
forwarding
[OK]</span><o:p></o:p></p>
<p><span lang=EN-US> Checking NAT and
MASQUERADEing
[OK]</span><o:p></o:p></p>
<p><span lang=EN-US> Checking for 'ip'
command
[OK]</span><o:p></o:p></p>
<p><span lang=EN-US> Checking for 'iptables'
command
[OK]</span><o:p></o:p></p>
<p><span lang=EN-US> </span>Opportunistic Encryption
Support
<o:p></o:p></p>
<p> [DISABLED]<o:p></o:p></p>
<p> <o:p></o:p></p>
<p>root@ks2228:/proc/sys/net/ipv4/conf# /etc/init.d/ipsec status<o:p></o:p></p>
<p> <span lang=EN-US>IPsec running - pluto pid: 22136</span><o:p></o:p></p>
<p><span lang=EN-US> pluto pid 22136</span><o:p></o:p></p>
<p><span lang=EN-US> No tunnels up</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>root@ks2228:/var/log# ipsec auto --verbose --up
innov2demain</span><o:p></o:p></p>
<p><span lang=EN-US> I have no feedback at all. Nothing happens ...</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>root@ks2228:/proc/sys/net/ipv4/conf# ipsec auto --status</span><o:p></o:p></p>
<p><span lang=EN-US> 000 interface lo/lo <a href="http://127.0.0.1"
target="_blank">127.0.0.1</a></span><o:p></o:p></p>
<p><span lang=EN-US> 000 interface lo/lo <a href="http://127.0.0.1"
target="_blank">127.0.0.1</a></span><o:p></o:p></p>
<p><span lang=EN-US> 000 interface eth0/eth0 <a href="http://1.2.3.4"
target="_blank">1.2.3.4</a></span><o:p></o:p></p>
<p><span lang=EN-US> 000 interface eth0/eth0 <a href="http://1.2.3.4"
target="_blank">1.2.3.4</a></span><o:p></o:p></p>
<p><span lang=EN-US> 000 %myid = (none)</span><o:p></o:p></p>
<p><span lang=EN-US> 000 debug none</span><o:p></o:p></p>
<p><span lang=EN-US> 000</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm ESP encrypt: id=2, name=ESP_DES,
ivlen=8, keysizemin=64, keysizemax=64</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm ESP encrypt: id=3, name=ESP_3DES,
ivlen=8, keysizemin=192, keysizemax=192</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm ESP auth attr: id=1,
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm ESP auth attr: id=2,
name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm ESP auth attr: id=5,
name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256</span><o:p></o:p></p>
<p><span lang=EN-US> 000</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE encrypt: id=5,
name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE encrypt: id=7,
name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5,
hashsize=16</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1,
hashsize=20</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE dh group: id=2,
name=OAKLEY_GROUP_MODP1024, bits=1024</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE dh group: id=5,
name=OAKLEY_GROUP_MODP1536, bits=1536</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE dh group: id=14,
name=OAKLEY_GROUP_MODP2048, bits=2048</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE dh group: id=15,
name=OAKLEY_GROUP_MODP3072, bits=3072</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE dh group: id=16,
name=OAKLEY_GROUP_MODP4096, bits=4096</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE dh group: id=17,
name=OAKLEY_GROUP_MODP6144, bits=6144</span><o:p></o:p></p>
<p><span lang=EN-US> 000 algorithm IKE dh group: id=18,
name=OAKLEY_GROUP_MODP8192, bits=8192</span><o:p></o:p></p>
<p><span lang=EN-US> 000</span><o:p></o:p></p>
<p><span lang=EN-US> 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz}
:context={0,3,36} trans={0,3,72} attrs={0,3,48}</span><o:p></o:p></p>
<p><span lang=EN-US> 000</span><o:p></o:p></p>
<p><span lang=EN-US> 000 "innov2demain":
1.2.3.4...8199.98.97.96===<a href="http://192.168.254.0/24" target="_blank">192.168.254.0/24</a>;
prospective erouted; eroute owner: #0</span><o:p></o:p></p>
<p><span lang=EN-US> 000
"innov2demain": srcip=unset; dstip=unset;
srcup=ipsec _updown; dstup=ipsec _updown;</span><o:p></o:p></p>
<p><span lang=EN-US> 000 "innov2demain": ike_life:
1800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0</span><o:p></o:p></p>
<p><span lang=EN-US> 000 "innov2demain": policy:
PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 32,24; interface: eth0;</span><o:p></o:p></p>
<p> 000 "innov2demain": newest ISAKMP SA: #0;
newest IPsec SA: #0;<o:p></o:p></p>
<p><span lang=EN-US> 000 "innov2demain": ESP algorithms
wanted: 3_000-1, 3_000-2, flags=strict</span><o:p></o:p></p>
<p><span lang=EN-US> 000 "innov2demain": ESP
algorithms loaded: 3_000-1, 3_000-2, flags=strict</span><o:p></o:p></p>
<p><span lang=EN-US> 000</span><o:p></o:p></p>
<p><span lang=EN-US> 000 #41: "innov2demain":500 STATE_MAIN_I1
(sent MI1, expecting MR1); EVENT_RETRANSMIT in 2s; nodpd</span><o:p></o:p></p>
<p><span lang=EN-US> 000 #41: pending Phase 2 for
"innov2demain" replacing #0</span><o:p></o:p></p>
<p><span lang=EN-US> 000 #41: pending Phase 2 for
"innov2demain" replacing #0</span><o:p></o:p></p>
<p><span lang=EN-US> 000 #41: pending Phase 2 for
"innov2demain" replacing #0</span><o:p></o:p></p>
<p><span lang=EN-US> 000</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>root@ks2228:/proc/sys/net/ipv4/conf# tail -n 1000
/var/log/syslog | grep -i ipsec</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:16 ks2228 ipsec_setup: ...Openswan
IPsec stopped</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:16 ks2228 ipsec_setup: Stopping
Openswan IPsec...</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 ipsec_setup: KLIPS ipsec0 on
eth0 <a href="http://1.2.3.4/255.255.255.0" target="_blank">1.2.3.4/255.255.255.0</a>
broadcast <a href="http://1.2.3.255" target="_blank">1.2.3.255</a></span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 ipsec_setup: ...Openswan
IPsec started</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 ipsec_setup: Starting
Openswan IPsec U2.4.6/K2.6.24.2-xxxx-std-ipv4-32...</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 ipsec__plutorun: 104
"innov2demain" #1: STATE_MAIN_I1: initiate</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 ipsec__plutorun: ...could not
start conn "innov2demain"</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>root@ks2228:~# tail -n 100000 /var/log/auth.log | grep -i
pluto</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]: shutting down</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]: forgetting
secrets</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
"innov2demain": deleting connection</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
"innov2demain" #42: deleting state (STATE_MAIN_I1)</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]: shutting down
interface lo/lo <a href="http://127.0.0.1:4500" target="_blank">127.0.0.1:4500</a></span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]: shutting down
interface lo/lo <a href="http://127.0.0.1:500" target="_blank">127.0.0.1:500</a></span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]: shutting down
interface eth0/eth0 <a href="http://1.2.3.4:4500" target="_blank">1.2.3.4:4500</a></span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]: shutting down
interface eth0/eth0 <a href="http://1.2.3.4:500" target="_blank">1.2.3.4:500</a></span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 ipsec__plutorun: Starting
Pluto subsystem...</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]: Starting Pluto
(Openswan Version 2.4.6 X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID
PLUTO_USES_KEYRR; Vendor ID OElLO]RdWNRD)</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]: Setting
NAT-Traversal port-4500 floating to on</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228
pluto[27748]: port floating activation criteria
nat_t=1/port_fload=1</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
including NAT-Traversal patch (Version 0.6c)</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]: WARNING: Open
of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of random</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]: WARNING: Using
/dev/urandom as the source of random</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]: starting up 1
cryptographic helpers</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27764]: WARNING: Open
of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of random</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27764]: WARNING: Using
/dev/urandom as the source of random</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]: started helper
pid=27764 (fd:6)</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]: Using Linux 2.6
IPsec interface code on 2.6.24.2-xxxx-std-ipv4-32</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: Changing to
directory '/etc/ipsec.d/cacerts'</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: Changing to
directory '/etc/ipsec.d/aacerts'</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: Changing to
directory '/etc/ipsec.d/ocspcerts'</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: Changing to
directory '/etc/ipsec.d/crls'</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
Warning: empty directory</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: added
connection description "innov2demain"</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: listening for
IKE messages</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: adding
interface eth0/eth0 <a href="http://1.2.3.4:500" target="_blank">1.2.3.4:500</a></span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: adding
interface eth0/eth0 <a href="http://1.2.3.4:4500" target="_blank">1.2.3.4:4500</a></span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: adding
interface lo/lo <a href="http://127.0.0.1:500" target="_blank">127.0.0.1:500</a></span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: adding
interface lo/lo <a href="http://127.0.0.1:4500" target="_blank">127.0.0.1:4500</a></span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]: loading secrets
from "/etc/ipsec.secrets"</span><o:p></o:p></p>
<p><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
"innov2demain" #1: initiating Main Mode</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>I probably missed something around 3DES, SHA1 and the likes
but I can't figure out what's wrong ... </span><o:p></o:p></p>
<p><span lang=EN-US>Any clue ??</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
</div>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><br>
_______________________________________________<br>
<a href="mailto:Users@openswan.org">Users@openswan.org</a><br>
<a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a
href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155"
target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
</html>