<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Hi all,<br>
I'm new to the openswan mailing list.<br>
I have established an ipsec tunnel between two host machines.<br><br>
172.30.0.3 - host A <------ipsec------> host B - 172.30.2.10<br><br>
My /etc/ipsec.conf on host A is:<br><br>
<span style="color: rgb(0, 0, 127);">version 2.0 # conforms to second version of ipsec.conf specification</span><br><br>
<span style="color: rgb(0, 0, 127);"># basic configuration</span><br>
<span style="color: rgb(0, 0, 127);">config setup</span><br>
<span style="color: rgb(0, 0, 127);"># Debug-logging controls: "none" for (almost) none, "all" for lots.</span><br>
<span style="color: rgb(0, 0, 127);"># klipsdebug=none</span><br>
<span style="color: rgb(0, 0, 127);"># plutodebug="control parsing"</span><br>
<span style="color: rgb(0, 0, 127);">conn %default</span><br>
<span style="color: rgb(0, 0, 127);"> keyingtries=0</span><br>
<span style="color: rgb(0, 0, 127);"> # disablearrivalcheck=no</span><br>
<span style="color: rgb(0, 0, 127);"> authby=rsasig</span><br>
<span style="color: rgb(0, 0, 127);"> # leftrsasigkey=%dns</span><br>
<span style="color: rgb(0, 0, 127);"> # rightrsasigkey=%dns</span><br><br>
<span style="color: rgb(0, 0, 127);">conn test</span><br>
<span style="color: rgb(0, 0, 127);"> auto=start</span><br>
<span style="color: rgb(0, 0, 127);"> left=172.30.0.3</span><br>
<span style="color: rgb(0, 0, 127);"> right=172.30.0.10</span><br>
<span style="color: rgb(0, 0, 127);"> keyexchange=ike</span><br>
<span style="color: rgb(0, 0, 127);"> esp=3des-sha1-96</span><br>
<span style="color: rgb(0, 0, 127);"> keyingtries=0</span><br>
<span style="color: rgb(0, 0, 127);"> rekeymargin=4m</span><br>
<span style="color: rgb(0, 0, 127);"> type=transport</span><br>
<span style="color: rgb(0, 0, 127);"> disablearrivalcheck=no</span><br>
<span style="color: rgb(0, 0, 127);"> authby=secret</span><br>
<span style="color: rgb(0, 0, 127);"> pfs=yes</span><br>
and /etc/ipsec.secrets on A is:<br><br>
<span style="color: rgb(0, 0, 127);">172.30.0.10 172.30.0.3: PSK 0x123456</span><br><br>
My /etc/ipsec.conf on host B is:<br><br>
<span style="color: rgb(0, 0, 127);">version 2.0 # conforms to second version of ipsec.conf specification</span><br><br>
<span style="color: rgb(0, 0, 127);"># basic configuration</span><br>
<span style="color: rgb(0, 0, 127);">config setup</span><br>
<span style="color: rgb(0, 0, 127);"># Debug-logging controls: "none" for (almost) none, "all" for lots.</span><br>
<span style="color: rgb(0, 0, 127);"> #klipsdebug=none</span><br>
<span style="color: rgb(0, 0, 127);"> #plutodebug="control parsing"</span><br>
<span style="color: rgb(0, 0, 127);">conn %default</span><br>
<span style="color: rgb(0, 0, 127);"> keyingtries=0</span><br>
<span style="color: rgb(0, 0, 127);"> # disablearrivalcheck=no</span><br>
<span style="color: rgb(0, 0, 127);"> authby=rsasig</span><br>
<span style="color: rgb(0, 0, 127);"> # leftrsasigkey=%dns</span><br>
<span style="color: rgb(0, 0, 127);"> # rightrsasigkey=%dns</span><br>
<span style="color: rgb(0, 0, 127);">conn test</span><br>
<span style="color: rgb(0, 0, 127);"> auto=start</span><br>
<span style="color: rgb(0, 0, 127);"> left=172.30.0.3</span><br>
<span style="color: rgb(0, 0, 127);"> right=172.30.0.10</span><br>
<span style="color: rgb(0, 0, 127);"> keyexchange=ike</span><br>
<span style="color: rgb(0, 0, 127);"> esp=3des-sha1-96</span><br>
<span style="color: rgb(0, 0, 127);"> keyingtries=0</span><br>
<span style="color: rgb(0, 0, 127);"> rekeymargin=4m</span><br>
<span style="color: rgb(0, 0, 127);"> type=transport</span><br>
<span style="color: rgb(0, 0, 127);"> disablearrivalcheck=no</span><br>
<span style="color: rgb(0, 0, 127);"> authby=secret</span><br>
<span style="color: rgb(0, 0, 127);"> pfs=yes</span><br><br>
and /etc/ipsec.secrets on B is:<br><br>
<span style="color: rgb(0, 0, 127);">172.30.0.3 172.30.0.10: PSK 0x123456</span><br><br>
I restart the ipsec service and I run (#ipsec auto --up test) on both hosts.<br>
I have this message:<br>
<span style="color: rgb(0, 0, 127);">117 "test" #14: STATE_QUICK_I1: initiate</span><br>
<span style="color: rgb(0, 0, 127);">004 "test" #14: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x11aed5dd <0xeabdc300 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}</span><br>
and with #ipsec setup status I have this message on both hosts:<br>
<span style="color: rgb(0, 0, 127);">IPsec running - pluto pid: 3963</span><br>
<span style="color: rgb(0, 0, 127);">pluto pid 3963</span><br>
<span style="color: rgb(0, 0, 127); font-weight: bold;">No tunnels up</span><br><br>
I do #ipsec verify<br>
<span style="color: rgb(0, 0, 127);">Checking your system to see if IPsec got installed and started correctly:</span><br>
<span style="color: rgb(0, 0, 127);">Version check and ipsec on-path [OK]</span><br>
<span style="color: rgb(0, 0, 127);">Linux Openswan U2.6.14/K2.6.18-92.1.10.el5 (netkey)</span><br>
<span style="color: rgb(0, 0, 127);">Checking for IPsec support in kernel [OK]</span><br>
<span style="color: rgb(0, 0, 127);">NETKEY detected, testing for disabled ICMP send_redirects [FAILED]</span><br><br>
<span style="color: rgb(0, 0, 127);"> Please disable /proc/sys/net/ipv4/conf/*/send_redirects</span><br>
<span style="color: rgb(0, 0, 127);"> or NETKEY will cause the sending of bogus ICMP redirects!</span><br><br>
<span style="color: rgb(0, 0, 127);">NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]</span><br><br>
<span style="color: rgb(0, 0, 127);"> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects</span><br>
<span style="color: rgb(0, 0, 127);"> or NETKEY will accept bogus ICMP redirects!</span><br><br>
<span style="color: rgb(0, 0, 127);">Checking for RSA private key (/etc/ipsec.secrets) [OK]</span><br>
<span style="color: rgb(0, 0, 127);">Checking that pluto is running [OK]</span><br>
<span style="color: rgb(0, 0, 127);">Two or more interfaces found, checking IP forwarding [FAILED]</span><br>
<span style="color: rgb(0, 0, 127);">Checking for 'ip' command [OK]</span><br>
<span style="color: rgb(0, 0, 127);">Checking for 'iptables' command [OK]</span><br><br>
<span style="color: rgb(0, 0, 127);">Opportunistic Encryption DNS checks:</span><br>
<span style="color: rgb(0, 0, 127);"> Looking for TXT in forward dns zone: RTPPROXY [MISSING]</span><br>
<span style="color: rgb(0, 0, 127);"> Cannot execute command "host -t txt RTPPROXY": No such file or directory</span><br>
<span style="color: rgb(0, 0, 127);"> Does the machine have at least one non-private address? [FAILED]</span><br><br>
I don't know where the fault is in my config.<br>
Please, who can help me?<br>
Thanks.<br><br></td></tr></table><br>
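Added example, not part of the original post: a shell check for the two NETKEY findings in the `ipsec verify` output above, listing every interface whose send_redirects or accept_redirects is still enabled. The function names, the root-directory argument and the sample tree are assumptions of this example; the sample values are constructed.

```shell
#!/bin/sh
# Audit the per-interface ICMP redirect settings that `ipsec verify` reports
# under /proc/sys/net/ipv4/conf/*/. The optional root argument is an
# assumption of this example so the check can run on a constructed tree.

# Print "IFACE SETTING=VALUE" for each redirect setting that is not 0.
# Returns 1 if any such setting was found, 0 if all are disabled.
audit_redirects() {
    root="${1:-/proc}"
    bad=0
    for iface_dir in "$root"/sys/net/ipv4/conf/*/; do
        [ -d "$iface_dir" ] || continue          # glob matched nothing
        iface=$(basename "$iface_dir")
        for setting in send_redirects accept_redirects; do
            file="$iface_dir$setting"
            [ -r "$file" ] || continue
            value=$(cat "$file")
            if [ "$value" != "0" ]; then
                echo "$iface $setting=$value"
                bad=1
            fi
        done
    done
    return "$bad"
}

# Build a constructed sample tree (not taken from the post's hosts).
# Each spec is IFACE:send_redirects:accept_redirects.
make_sample_tree() {
    tree=$(mktemp -d)
    for spec in all:1:1 default:1:1 eth0:0:0 lo:0:1; do
        name=${spec%%:*}
        rest=${spec#*:}
        mkdir -p "$tree/sys/net/ipv4/conf/$name"
        echo "${rest%%:*}" > "$tree/sys/net/ipv4/conf/$name/send_redirects"
        echo "${rest#*:}" > "$tree/sys/net/ipv4/conf/$name/accept_redirects"
    done
    echo "$tree"
}

# Demonstration on the constructed tree; on a real host call
# audit_redirects with no argument to read /proc.
sample=$(make_sample_tree)
audit_redirects "$sample" || echo "redirects still enabled on the entries above"
rm -rf "$sample"
```

Every entry it prints corresponds to a file the verify output asks to be disabled; an empty result with exit status 0 means both NETKEY redirect checks should pass.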