<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hello All,</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I am using openswan 2.4.13 with fedora core 4 system.</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I applied all the required patches and the normal tunnel
establishment is working fine.</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>As per the ipsec.conf man page, “left=%any” option
signifies an address to be filled during negotiations.</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>But when I try this option with my config file, the tunnel
establishment process is not succeeding</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Here is my config file:</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'># basic configuration</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>config setup</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>
interfaces=%defaultroute</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> nat_traversal=yes</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>conn RemoteGateway</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> type=tunnel</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> authby=secret</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> left=%any</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> leftid=10.1.1.253</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> leftsubnet=192.168.100.1/24</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> right=192.168.10.173</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> rightid=10.1.1.254</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> rightsubnet=192.168.200.1/24</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> ike=aes-128-sha1-modp1024</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> auth=esp</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> esp=aes-128-sha1</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> pfs=no</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> auto=route</span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> </span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> </span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Log messages:</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Dec 3 12:03:42
localhost pluto[4666]: packet from 192.168.10.173:500: received Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method
109</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Dec 3 12:03:42
localhost pluto[4666]: packet from 192.168.10.173:500: received Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-00]</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Dec 3 12:03:42
localhost pluto[4666]: | nat-t detected, sending nat-t VID</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Dec 3 12:03:42
localhost pluto[4666]: | find_host_connection called from main_inI1_outR1</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Dec 3 12:03:42
localhost pluto[4666]: | find_host_pair_conn (find_host_connection2):
192.168.10.193:500 192.168.10.173:500 -> hp:none </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Dec 3 12:03:42
localhost pluto[4666]: | find_host_connection called from main_inI1_outR1</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Dec 3 12:03:42
localhost pluto[4666]: | find_host_pair_conn (find_host_connection2):
192.168.10.193:500 %any:500 -> hp:none </span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Dec 3 12:03:42
localhost pluto[4666]: packet from 192.168.10.173:500: initial Main Mode
message received on 192.168.10.193:500 but no connection has been authorized</span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>Dec 3 12:03:42
localhost pluto[4666]: | complete state transition with STF_IGNORE</span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Dec 3 12:03:42 localhost pluto[4666]: | next
event EVENT_PENDING_PHASE2 in 73 seconds</span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> </span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>Please Note: 192.168.10.193 is my system interface
IP Address</span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> </span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>When I try the same configurations with
“left=%defaultroute” option, tunnel establishment is fine.</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I am trying with “left=%any” option, because I
have 3 interfaces in my system and I want to use any interface which is active
during the negotiation time</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Please suggest me, whether anything to be added / enabled in
order to make this work</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks in advance</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Ravi</span></font></p>
</div>
DISCLAIMER: This message is proprietary to D-Link (India) Limited and is
intended solely for the use of the individual to whom it is addressed. It
may contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended. If
you have received this message in error, please notify the originator
immediately. If you are not the intended recipient, you are notified that
you are strictly prohibited from using, copying, altering, or disclosing the
contents of this message. D-Link (India) Limited accepts no responsibility
for loss or damage arising from the use of the information transmitted by
this email including damage from virus.
</body>
</html>