<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Texte brut Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.TextebrutCar
{mso-style-name:"Texte brut Car";
mso-style-priority:99;
mso-style-link:"Texte brut";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=FR link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText><span lang=EN-US>Dear Openswan experts,<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>I am brand new to openswan (and VPN in
generals) and have been googling with no success for 2 days trying to fix my
problem.<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>Any help from the community would be
most welcome.<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>I am trying to connect 1 server to a
network protected by a Fortigate firewall through a VPN.<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>I managed to get openswan running on
linux (Ubuntu) --at least I guess so...<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>But I cannot get the VPN up and
running...<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>Ok here comes the technical details. <o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>>> Let's start with the Fortigate
configuration:<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>Phase 1:<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> - remote IP 1.2.3.4<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> - pre-shared key : "key"<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> - Encryption : 3DES<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> - Authentication : SHA1<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> - Key lifetime : 28800 seconds<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>Phase 2:<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> - Encryption : 3DES<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> - Authentication : SHA1<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> - Key lifetime : 1800 seconds<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>>> Now the openswan configuration:<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>/etc/ipsec.conf:<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> config setup<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> interfaces="ipsec0=eth0"<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> nat_traversal=yes<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.254.0/24<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> conn innov2demain<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> left=1.2.3.4<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> right=99.98.97.96<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> rightsubnet=192.168.254.0/24<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> keyexchange=ike<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> auto=start<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> authby=secret<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> esp=3des<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> compress=yes<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> ikelifetime=1800<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> # Disable Opportunistic Encryption<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> include
/etc/ipsec.d/examples/no_oe.conf<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>/etc/ipsec.secrets<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 1.2.3.4 99.98.97.96 : PSK
"test"<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>>> Here come the logs :<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>root@ks2228:/proc/sys/net/ipv4/conf#
ipsec verify<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Checking your system to see if IPsec
got installed and started<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> correctly:<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Version check and ipsec
on-path [OK]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Linux Openswan
U2.4.6/K2.6.24.2-xxxx-std-ipv4-32 (netkey)<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Checking for IPsec support in
kernel [OK]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> NETKEY detected, testing for disabled
ICMP send_redirects [OK]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> NETKEY detected, testing for disabled
ICMP accept_redirects [OK]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Checking for RSA private key
(/etc/ipsec.secrets) <o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> [DISABLED]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> ipsec showhostkey: no default key in
"/etc/ipsec.secrets"<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Checking that pluto is
running [OK]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Two or more interfaces found, checking
IP forwarding [OK]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Checking NAT and
MASQUERADEing [OK]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Checking for 'ip'
command [OK]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Checking for 'iptables'
command [OK]<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> </span>Opportunistic Encryption
Support <o:p></o:p></p>
<p class=MsoPlainText> [DISABLED]<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>root@ks2228:/proc/sys/net/ipv4/conf# /etc/init.d/ipsec
status<o:p></o:p></p>
<p class=MsoPlainText> <span lang=EN-US>IPsec running - pluto pid: 22136<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> pluto pid 22136<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> No tunnels up<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>root@ks2228:/var/log# ipsec auto
--verbose --up innov2demain<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> I have no feedback at all. Nothing
happens ...<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>root@ks2228:/proc/sys/net/ipv4/conf#
ipsec auto --status<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 interface lo/lo 127.0.0.1<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 interface lo/lo 127.0.0.1<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 interface eth0/eth0 1.2.3.4<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 interface eth0/eth0 1.2.3.4<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 %myid = (none)<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 debug none<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm ESP encrypt: id=2,
name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm ESP encrypt: id=3,
name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm ESP auth attr: id=1,
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm ESP auth attr: id=2,
name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm ESP auth attr: id=5,
name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE encrypt: id=5,
name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE encrypt: id=7,
name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE hash: id=1,
name=OAKLEY_MD5, hashsize=16<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE hash: id=2,
name=OAKLEY_SHA1, hashsize=20<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE dh group: id=2,
name=OAKLEY_GROUP_MODP1024, bits=1024<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE dh group: id=5,
name=OAKLEY_GROUP_MODP1536, bits=1536<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE dh group: id=14,
name=OAKLEY_GROUP_MODP2048, bits=2048<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE dh group: id=15,
name=OAKLEY_GROUP_MODP3072, bits=3072<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE dh group: id=16,
name=OAKLEY_GROUP_MODP4096, bits=4096<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE dh group: id=17,
name=OAKLEY_GROUP_MODP6144, bits=6144<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 algorithm IKE dh group: id=18,
name=OAKLEY_GROUP_MODP8192, bits=8192<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 stats db_ops.c: {curr_cnt,
total_cnt, maxsz} :context={0,3,36} trans={0,3,72} attrs={0,3,48}<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 "innov2demain": 1.2.3.4...8199.98.97.96===192.168.254.0/24;
prospective erouted; eroute owner: #0<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 "innov2demain":
srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 "innov2demain":
ike_life: 1800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%;
keyingtries: 0<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 "innov2demain":
policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 32,24; interface: eth0;<o:p></o:p></span></p>
<p class=MsoPlainText> 000 "innov2demain": newest ISAKMP SA: #0;
newest IPsec SA: #0;<o:p></o:p></p>
<p class=MsoPlainText><span lang=EN-US> 000 "innov2demain": ESP
algorithms wanted: 3_000-1, 3_000-2, flags=strict<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 "innov2demain": ESP
algorithms loaded: 3_000-1, 3_000-2, flags=strict<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 #41: "innov2demain":500
STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 2s; nodpd<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 #41: pending Phase 2 for
"innov2demain" replacing #0<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 #41: pending Phase 2 for
"innov2demain" replacing #0<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000 #41: pending Phase 2 for
"innov2demain" replacing #0<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> 000<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>root@ks2228:/proc/sys/net/ipv4/conf#
tail -n 1000 /var/log/syslog | grep -i ipsec<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:16 ks2228 ipsec_setup:
...Openswan IPsec stopped<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:16 ks2228 ipsec_setup:
Stopping Openswan IPsec...<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 ipsec_setup:
KLIPS ipsec0 on eth0 1.2.3.4/255.255.255.0 broadcast 1.2.3.255<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 ipsec_setup:
...Openswan IPsec started<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 ipsec_setup:
Starting Openswan IPsec U2.4.6/K2.6.24.2-xxxx-std-ipv4-32...<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228
ipsec__plutorun: 104 "innov2demain" #1: STATE_MAIN_I1: initiate<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228
ipsec__plutorun: ...could not start conn "innov2demain"<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> <o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>root@ks2228:~# tail -n 100000
/var/log/auth.log | grep -i pluto<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
shutting down<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
forgetting secrets<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
"innov2demain": deleting connection<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
"innov2demain" #42: deleting state (STATE_MAIN_I1)<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
shutting down interface lo/lo 127.0.0.1:4500<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
shutting down interface lo/lo 127.0.0.1:500<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
shutting down interface eth0/eth0 1.2.3.4:4500<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:15 ks2228 pluto[22836]:
shutting down interface eth0/eth0 1.2.3.4:500<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228
ipsec__plutorun: Starting Pluto subsystem...<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
Starting Pluto (Openswan Version 2.4.6 X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID
PLUTO_USES_KEYRR; Vendor ID OElLO]RdWNRD)<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
Setting NAT-Traversal port-4500 floating to on<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228
pluto[27748]: port floating activation criteria nat_t=1/port_fload=1<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
including NAT-Traversal patch (Version 0.6c)<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying alternate
sources of random<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
WARNING: Using /dev/urandom as the source of random<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
starting up 1 cryptographic helpers<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27764]: WARNING:
Open of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of
random<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27764]:
WARNING: Using /dev/urandom as the source of random<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
started helper pid=27764 (fd:6)<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:24 ks2228 pluto[27748]:
Using Linux 2.6 IPsec interface code on 2.6.24.2-xxxx-std-ipv4-32<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
Changing to directory '/etc/ipsec.d/cacerts'<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
Changing to directory '/etc/ipsec.d/aacerts'<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
Changing to directory '/etc/ipsec.d/ocspcerts'<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
Changing to directory '/etc/ipsec.d/crls'<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
Warning: empty directory<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
added connection description "innov2demain"<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
listening for IKE messages<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
adding interface eth0/eth0 1.2.3.4:500<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
adding interface eth0/eth0 1.2.3.4:4500<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
adding interface lo/lo 127.0.0.1:500<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
adding interface lo/lo 127.0.0.1:4500<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
loading secrets from "/etc/ipsec.secrets"<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US> Aug 26 08:01:25 ks2228 pluto[27748]:
"innov2demain" #1: initiating Main Mode<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>I probably missed something around 3DES,
SHA1 and the likes but I can't figure out what's wrong ... <o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US>Any clue ??<o:p></o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
</div>
</body>
</html>