<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style>
</head>
<body class='hmmessage'>
<br>Hi Paul,<br><br>Does it make a difference if we use the whack command line or ipsec.conf? I'm not sure why using the whack command line was chosen. It was probably the easier route at the time. <br><br>If the right/Netgear certificate is not loaded on the left/Linux device manually, then it is not sent over (after checking ipsec auto --listall). <br><br>After reading about the 3/30/09 security release, I upgraded from OpenSWAN 2.6.19 to 2.6.21 and can no longer get the IPSec SA established. If I revert back to 2.6.19, the connection establishes as expected. Again, in both cases, we have the public certificate from the right manually loaded on the left. <br><br>2.6.19<br>pluto[237]: "vpn_tunnel" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}<br>pluto[237]: "vpn_tunnel" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+UP {using isakmp#1 msgid:9763cb37 proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}<br>pluto[237]: "vpn_tunnel" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000<br>pluto[237]: "vpn_tunnel" #1: received and ignored informational message<br>pluto[237]: "vpn_tunnel" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>pluto[237]: "vpn_tunnel" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x0eb2fbef <0xa21036f0 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}<br><br>2.6.21<br>pluto[177]: "vpn_tunnel" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}<br>pluto[177]: "vpn_tunnel" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+UP {using isakmp#1 msgid:8499abd4 proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}<br>pluto[177]: "vpn_tunnel" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000<br>pluto[177]: "vpn_tunnel" #1: received and ignored informational message<br>pluto[177]: "vpn_tunnel" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000<br>pluto[177]: "vpn_tunnel" #1: received and ignored informational message<br>pluto[177]: "vpn_tunnel" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000<br>pluto[177]: "vpn_tunnel" #1: received and ignored informational message<br>pluto[177]: "vpn_tunnel" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal<br><br><br>Thanks again Paul,<br>marcos<br><br><br><br><br /><hr />HotmailŪ goes with you. <a href='http://windowslive.com/Tutorial/Hotmail/Mobile?ocid=TXT_TAGLM_WL_HM_Tutorial_Mobile1_052009' target='_new'>Get it on your BlackBerry or iPhone.</a></body>
</html>