<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=big5">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="chsdate"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="chmetcnv"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:新細明體;
panose-1:2 2 3 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@新細明體";
panose-1:2 2 3 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
/* Page Definitions */
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;
layout-grid:18.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=ZH-TW link=blue vlink=purple style='text-justify-trim:punctuation'>
<div class=Section1 style='layout-grid:18.0pt'>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Dear all,<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>This is first time for me
to study openswan. . I read a lot of articles about openswan from web<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'> I followed the
instructions from openswan’s web and trying to setup net–to-net connection.<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Both gatway (left and
right) are installed with centOS5.2(kernel <st1:chsdate IsROCDate="False"
IsLunarDate="False" Day="30" Month="12" Year="1899" w:st="on">2.6.18</st1:chsdate>)
and openswan(ver 2.6.22) <o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Here is my ipsec.conf:<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>conn net-t-net<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>
left=10.144.134.202<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>
leftsubnet=192.168.10.0/24<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>
leftid=@left<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>
leftnexthop=%defaultroute<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>
right=10.144.134.203<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>
rightsubnet=192.168.13.0/24<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>
rightid=@right<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>
rightnexthop=%defaultroute<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>
leftrsasigkey=0sAQOPwB4FS1fpxN19ktKE1GwE<st1:chmetcnv TCSC="0"
NumberType="1" Negative="False" HasSpace="False" SourceValue="6" UnitName="F"
w:st="on">6F</st1:chmetcnv>……<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:36.0pt;layout-grid-mode:char'><font
size=1 face=Arial><span lang=EN-US style='font-size:9.0pt;font-family:Arial'>rightrsasigkey=0sAQOo/15JmRsIIegwieNH47KR0sqdkei/c………..<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:36.0pt;layout-grid-mode:char'><font
size=1 face=Arial><span lang=EN-US style='font-size:9.0pt;font-family:Arial'>auto=add<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>But, when I setup
connection by ipsec auto command , it show” STATE_QUICK_I1: retransmission;
will wait 20s for response..’ <o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>By checking ipsec tarf, it
seems be stuck at : STATE_QUICK_I1 stage.<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>I don’t know what is wrong
with my setup. Perhaps something is wrong with my configure of firewall
or route.<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Pls help to solve the
problem.<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Thanks a lot<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Jimmy yen<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:36.0pt;layout-grid-mode:char'><font
size=1 face=Arial><span lang=EN-US style='font-size:9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Below is the collection of
status about my problem, hope it is helpful for all you to trace the problem.
<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>[root@centos /]# ipsec
auto --up net-t-net<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>117 "net-t-net"
#3: STATE_QUICK_I1: initiate<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>010 "net-t-net"
#3: STATE_QUICK_I1: retransmission; will wait 20s for response<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>010 "net-t-net"
#3: STATE_QUICK_I1: retransmission; will wait 40s for response<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>…<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Part of Ipsec barf :::<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:41
centos pluto[20394]: "net-t-net" #203: starting keying attempt 42 of
an unlimited number<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:41
centos pluto[20394]: "net-t-net" #208: initiating Quick Mode
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP+IKEv2ALLOW to replace #203 {using
isakmp#4 msgid:13251cd5 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:41
centosi pluto[20394]: "net-t-net" #202: max number of retransmissions
(2) reached STATE_QUICK_I1. No acceptable response to our first Quick
Mode message: perhaps peer likes no proposal<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:41
centos pluto[20394]: "net-t-net" #202: starting keying attempt 42 of
an unlimited number<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:41 centos
pluto[20394]: "net-t-net" #209: initiating Quick Mode
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP+IKEv2ALLOW to replace #202 {using
isakmp#4 msgid:c5ea1125 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:48
centos pluto[20394]: "net-t-net" #1: the peer proposed:
192.168.10.0/24:0/0 -> 192.168.13.0/24:0/0<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:48
centos pluto[20394]: "net-t-net" #210: responding to Quick Mode
proposal {msgid:<st1:chmetcnv TCSC="0" NumberType="1" Negative="False"
HasSpace="False" SourceValue="6" UnitName="a" w:st="on">6a</st1:chmetcnv><st1:chmetcnv
TCSC="0" NumberType="1" Negative="False" HasSpace="False" SourceValue="5874"
UnitName="C" w:st="on">5874c</st1:chmetcnv>6}<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:48
centos pluto[20394]: "net-t-net" #210: us:
192.168.10.0/24===10.144.134.202<10.144.134.202>[@left,+S=C]<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:48 cento
pluto[20394]: "net-t-net" #210: them:
10.144.134.203<10.144.134.203>[@right,+S=C]===192.168.13.0/24<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:48 cento
pluto[20394]: "net-t-net" #210: ERROR: netlink response for Add SA
comp.238e@10.144.134.203 included errno 22: Invalid argument<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:48
centos pluto[20394]: | add_sa ipcomp failed<o:p></o:p></span></font></p>
<p class=MsoNormal style='layout-grid-mode:char'><font size=1 face=Arial><span
lang=EN-US style='font-size:9.0pt;font-family:Arial'>Sep 4 17:36:48
centos pluto[20394]: | failed to install outgoing SA: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 face=Arial><span lang=EN-US style='font-size:
9.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
</div>
</body>
</html>