<style type="text/css">
<!--
body {font-size:13px;font-family:arial;color:#494949}
-->
</style>
<div class="Section1" style="LAYOUT-GRID: 18pt none"><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Dear all,<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">This is the first time for me to study openswan. I read a lot of articles about openswan from the web.<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> I followed the instructions from openswan’s website and tried to set up a net-to-net connection.<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Both gateways (left and right) are installed with CentOS 5.2 (kernel 2.6.18) and openswan (ver 2.6.22).<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Here is my ipsec.conf:<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">conn net-t-net<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> left=10.144.134.202<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> leftsubnet=192.168.10.0/24<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> leftid=@left<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> leftnexthop=%defaultroute<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> right=10.144.134.203<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> rightsubnet=192.168.13.0/24<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> rightid=@right<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> rightnexthop=%defaultroute<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"> leftrsasigkey=0sAQOPwB4FS1fpxN19ktKE1GwE6F……<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 36pt"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">rightrsasigkey=0sAQOo/15JmRsIIegwieNH47KR0sqdkei/c………..<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 36pt"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">auto=add<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">But when I set up the connection with the ipsec auto command, it shows "STATE_QUICK_I1: retransmission; will wait 20s for response".<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">By checking ipsec barf, it seems to be stuck at the STATE_QUICK_I1 stage.<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">I don’t know what is wrong with my setup. Perhaps something is wrong with my firewall or route configuration.<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Please help me solve the problem.<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Thanks a lot<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"><p> </p></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Jimmy yen<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char; TEXT-INDENT: 36pt"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"><p> </p></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Below is a collection of status output about my problem; I hope it is helpful for you all to trace the problem. 
<p /></span></font></p><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">[root@centos /]# ipsec auto --up net-t-net<p /></span></font></p><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">117 "net-t-net" #3: STATE_QUICK_I1: initiate<p /></span></font></p><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">010 "net-t-net" #3: STATE_QUICK_I1: retransmission; will wait 20s for response<p /></span></font></p><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">010 "net-t-net" #3: STATE_QUICK_I1: retransmission; will wait 40s for response<p /></span></font></p><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">…<p /></span></font></p><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Part of Ipsec barf :::<p /></span></font></p><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:41 centos pluto[20394]: "net-t-net" #203: starting keying attempt 42 of an unlimited number<p /></span></font></p><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:41 centos pluto[20394]: "net-t-net" #208: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP+IKEv2ALLOW to replace #203 {using isakmp#4 msgid:13251cd5 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}<p /></span></font></p><p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font 
face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:41 centosi pluto[20394]: "net-t-net" #202: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:41 centos pluto[20394]: "net-t-net" #202: starting keying attempt 42 of an unlimited number<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:41 centos pluto[20394]: "net-t-net" #209: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP+IKEv2ALLOW to replace #202 {using isakmp#4 msgid:c5ea1125 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:48 centos pluto[20394]: "net-t-net" #1: the peer proposed: 192.168.10.0/24:0/0 -> 192.168.13.0/24:0/0<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:48 centos pluto[20394]: "net-t-net" #210: responding to Quick Mode proposal {msgid:6a5874c6}<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:48 centos pluto[20394]: "net-t-net" #210: us: 
192.168.10.0/24===10.144.134.202<10.144.134.202>[@left,+S=C]<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:48 cento pluto[20394]: "net-t-net" #210: them: 10.144.134.203<10.144.134.203>[@right,+S=C]===192.168.13.0/24<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:48 cento pluto[20394]: "net-t-net" #210: ERROR: netlink response for Add SA comp.238e@10.144.134.203 included errno 22: Invalid argument<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:48 centos pluto[20394]: | add_sa ipcomp failed<p /></span></font></p>
<p class="MsoNormal" style="LAYOUT-GRID-MODE: char"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial">Sep 4 17:36:48 centos pluto[20394]: | failed to install outgoing SA: 0<p /></span></font></p>
<p class="MsoNormal"><font face="Arial" size="1"><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: Arial"><p> </p></span></font></p></div>
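<p>Added example (not part of the original post and not Openswan code): a small triage script that reads pluto log lines like the ones posted above and lines up the Quick Mode policy flags, the states that timed out, and the kernel SA install errors for each connection. The function name <code>triage</code> and the <code>PROTO_TO_FLAG</code> mapping from the SA prefix in the netlink error to a policy flag are assumptions made for this illustration.</p>

```python
import re
from collections import defaultdict

# Log lines copied from the post above (hostnames kept exactly as posted).
SAMPLE_LOG = '''\
Sep 4 17:36:41 centos pluto[20394]: "net-t-net" #209: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP+IKEv2ALLOW to replace #202 {using isakmp#4 msgid:c5ea1125 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
Sep 4 17:36:41 centosi pluto[20394]: "net-t-net" #202: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 4 17:36:48 cento pluto[20394]: "net-t-net" #210: ERROR: netlink response for Add SA comp.238e@10.144.134.203 included errno 22: Invalid argument
Sep 4 17:36:48 centos pluto[20394]: | add_sa ipcomp failed
'''

# Anchor on the pluto[pid] tag so the varying hostname field does not matter.
CONN = r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): '
POLICY_RE = re.compile(CONN + r'initiating Quick Mode (?P<flags>[A-Za-z0-9+]+)')
STUCK_RE = re.compile(CONN + r'max number of retransmissions \((?P<n>\d+)\) reached (?P<state>STATE_\w+)')
KERNEL_RE = re.compile(CONN + r'ERROR: netlink response for Add SA (?P<proto>\w+)\.(?P<spi>[0-9a-f]+)'
                              r'@(?P<peer>\S+) included errno (?P<errno>\d+): (?P<msg>.+)')

# Assumption: SA prefix in the kernel error -> policy flag that requests that SA type.
PROTO_TO_FLAG = {"comp": "COMPRESS", "esp": "ENCRYPT"}


def triage(log_text):
    """Group policy flags, timed-out states and kernel SA errors by connection name."""
    report = defaultdict(lambda: {"policy": set(), "stuck": [], "kernel_errors": [], "findings": []})
    for line in log_text.splitlines():
        if (m := POLICY_RE.search(line)):
            report[m["conn"]]["policy"].update(m["flags"].split("+"))
        elif (m := STUCK_RE.search(line)):
            report[m["conn"]]["stuck"].append((int(m["sa"]), m["state"], int(m["n"])))
        elif (m := KERNEL_RE.search(line)):
            report[m["conn"]]["kernel_errors"].append((m["proto"], int(m["errno"]), m["msg"].strip()))
    # Correlate: a rejected SA type whose flag is also in the negotiated policy.
    for entry in report.values():
        for proto, errno, msg in entry["kernel_errors"]:
            flag = PROTO_TO_FLAG.get(proto)
            if flag in entry["policy"]:
                entry["findings"].append(
                    f"{flag} is in the Quick Mode policy but the kernel rejected the {proto} SA "
                    f"(errno {errno}: {msg})")
    return dict(report)


if __name__ == "__main__":
    for conn, entry in triage(SAMPLE_LOG).items():
        print(conn, sorted(entry["policy"]), entry["stuck"], entry["findings"])
```
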