<DIV><BR>Hi Paul:</DIV>
<DIV>I got openswan-2.6.23dr1 from FTP.</DIV>
<DIV>After installing it, I did three tests:</DIV>
<DIV>The first is a host-to-host tunnel; the network topology is shown below:</DIV>
<DIV>192.168.1.3===192.168.1.104</DIV>
<DIV>I'm happy with the ESP packets passing up and down.</DIV>
<DIV>The second is subnet-to-subnet. Things are OK too.</DIV>
<DIV>But the third test fails: I did a roadwarrior test.</DIV>
<DIV>The configuration file on the roadwarrior is:</DIV>
<DIV>config setup<BR> interfaces=%defaultroute<BR> klipsdebug=none<BR> plutodebug=none<BR>conn tunnelipsec<BR> type=tunnel<BR> authby=secret<BR> left=%defaultroute<BR> leftid=@wrylab<BR> right=192.168.1.104<BR> esp=3des-md5<BR> keyexchange=ike<BR> auto=start</DIV>
<DIV>I use a PSK; the ipsec.secrets is:<BR>%any 192.168.1.104: psk "openswan"</DIV>
<DIV>The configuration file on the server side:</DIV>
<DIV>config setup<BR> interfaces=%defaultroute<BR> klipsdebug=none<BR> plutodebug=none<BR>conn tunnelipsec<BR> type=tunnel<BR> authby=secret<BR> left=192.168.1.104<BR> right=%any<BR> rightid=@wrylab<BR> esp=3des-md5<BR> keyexchange=ike<BR> auto=add</DIV>
<DIV>ipsec.secrets is below:<BR>192.168.1.104 %any: psk "cisco"</DIV>
<DIV>After I restart openswan, the log on the roadwarrior side shows:</DIV>
<DIV>Mar 12 03:21:22 pluto[3984]: "tunnelipsec" #2: initiating Main Mode to replace #1<BR>Mar 12 03:21:22 pluto[3984]: "tunnelipsec" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.104 port 500, complainant 192.168.1.104: No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]<BR>Mar 12 03:21:32 pluto[3984]: "tunnelipsec" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.104 port 500, complainant 192.168.1.104: No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]<BR>Mar 12 03:21:52 pluto[3984]: "tunnelipsec" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.104 port 500, complainant 192.168.1.104: No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]</DIV>
<DIV>I can't quite understand. Any suggestions?</DIV>
<DIV>One more thing:</DIV>
<DIV>I executed ipsec verify, and things seem abnormal:</DIV>
<DIV>Pluto listening for NAT-T on udp 4500 [FAILED]<BR>Two or more interfaces found, checking IP forwarding [FAILED]</DIV>
<DIV>I have already enabled ip_forward:</DIV>
<DIV>[root@wrylab lo]# cat /proc/sys/net/ipv4/ip_forward <BR>1</DIV>
<DIV>But it also shows FAILED. Can you help me? Thanks in advance.</DIV>
<DIV>Below are some network parameters:</DIV>
<DIV>On the roadwarrior side:</DIV>
<DIV>/ $ ifconfig <BR>eth0 Link encap:Ethernet HWaddr 00:0A:11:22:33:44 <BR> inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0<BR> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<BR> RX packets:7080 errors:156 dropped:0 overruns:0 frame:156<BR> TX packets:1420 errors:0 dropped:0 overruns:0 carrier:0<BR> collisions:0 txqueuelen:1000 <BR> RX bytes:4500086 (4.2 MiB) TX bytes:128316 (125.3 KiB)<BR> Interrupt:21 Base address:0x4000 </DIV>
<DIV>lo Link encap:Local Loopback <BR> inet addr:127.0.0.1 Mask:255.0.0.0<BR> UP LOOPBACK RUNNING MTU:16436 Metric:1<BR> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<BR> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<BR> collisions:0 txqueuelen:0 <BR> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</DIV>
<DIV>/ $ route<BR>Kernel IP routing table<BR>Destination Gateway Genmask Flags Metric Ref Use Iface<BR>192.168.1.0 * 255.255.255.0 U 0 0 0 eth0<BR>default * 0.0.0.0 U 0 0 0 eth0<BR>/ $ ip route show<BR>192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 <BR>default dev eth0 scope link <BR>/ $ </DIV>
<DIV>On the server side:</DIV>
<DIV>[root@wrylab lo]# ifconfig<BR>eth0 Link encap:Ethernet HWaddr 00:0C:29:2B:1E:0B <BR> inet addr:192.168.1.104 Bcast:192.168.1.255 Mask:255.255.255.0<BR> inet6 addr: fe80::20c:29ff:fe2b:1e0b/64 Scope:Link<BR> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<BR> RX packets:1038 errors:0 dropped:0 overruns:0 frame:0<BR> TX packets:715 errors:0 dropped:0 overruns:0 carrier:0<BR> collisions:0 txqueuelen:1000 <BR> RX bytes:93978 (91.7 KiB) TX bytes:82611 (80.6 KiB)<BR> Interrupt:17 Base address:0x1400 </DIV>
<DIV>lo Link encap:Local Loopback <BR> inet addr:127.0.0.1 Mask:255.0.0.0<BR> inet6 addr: ::1/128 Scope:Host<BR> UP LOOPBACK RUNNING MTU:16436 Metric:1<BR> RX packets:9551 errors:0 dropped:0 overruns:0 frame:0<BR> TX packets:9551 errors:0 dropped:0 overruns:0 carrier:0<BR> collisions:0 txqueuelen:0 <BR> RX bytes:12882655 (12.2 MiB) TX bytes:12882655 (12.2 MiB)</DIV>
<DIV>[root@wrylab lo]# route<BR>Kernel IP routing table<BR>Destination Gateway Genmask Flags Metric Ref Use Iface<BR>192.168.1.0 * 255.255.255.0 U 0 0 0 eth0<BR>169.254.0.0 * 255.255.0.0 U 0 0 0 eth0<BR>default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0<BR>[root@wrylab lo]# ip route show<BR>192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.104 <BR>169.254.0.0/16 dev eth0 scope link <BR>default via 192.168.1.254 dev eth0 </DIV>
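<DIV>Added example (not part of the original message and not Openswan code): a small Python triage of the pluto error lines quoted above, which groups the repeated reports and decodes the ICMP type and code they carry. The names triage, UNREACH and FILTERED are this example's own, and the FILTERED grouping is an assumption of the example.</DIV>

```python
import re
from collections import Counter

# ICMP type 3 (destination unreachable) code names, abbreviated from the
# IANA registry (RFC 792, RFC 1122, RFC 1812).
UNREACH = {
    0: "network unreachable", 1: "host unreachable",
    2: "protocol unreachable", 3: "port unreachable",
    9: "network administratively prohibited",
    10: "host administratively prohibited",
    13: "communication administratively prohibited",
}
FILTERED = {9, 10, 13}  # example's own grouping: codes a packet filter sends

LINE = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: ERROR: asynchronous network error report'
    r' on \S+ \(sport=\d+\) for message to (?P<dst>\S+) port (?P<dport>\d+),'
    r' complainant (?P<src>\S+): .+? \[errno \d+,'
    r' origin ICMP type (?P<type>\d+) code (?P<code>\d+)')

def triage(log_text):
    """Group pluto ICMP error reports and decode what the peer signalled."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            hits[(m["conn"], m["dst"], int(m["dport"]), m["src"],
                  int(m["type"]), int(m["code"]))] += 1
    findings = []
    for (conn, dst, dport, src, typ, code), count in hits.items():
        findings.append({
            "conn": conn, "peer": dst, "port": dport, "count": count,
            "icmp": (typ, code),
            "meaning": UNREACH.get(code, "unknown") if typ == 3 else "not type 3",
            # errno 113 reads "No route to host", but a prohibited code sent
            # by the peer itself points at a filter on the peer, not routing.
            "filtered_by_peer": typ == 3 and code in FILTERED and src == dst,
        })
    return findings

# Sample input: the log excerpt quoted in the message above.
SAMPLE = '''Mar 12 03:21:22 pluto[3984]: "tunnelipsec" #2: initiating Main Mode to replace #1
Mar 12 03:21:22 pluto[3984]: "tunnelipsec" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.104 port 500, complainant 192.168.1.104: No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]
Mar 12 03:21:32 pluto[3984]: "tunnelipsec" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.104 port 500, complainant 192.168.1.104: No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]
Mar 12 03:21:52 pluto[3984]: "tunnelipsec" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.104 port 500, complainant 192.168.1.104: No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]'''
if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```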