Hi...<br><br>Thanks for replying Paul. Its not working. I have added rightid=%fromcert and leftid=%fromcert on both machine.Now its showing error. <br><br>104 "sample1" #1: STATE_MAIN_I1: initiate<br>003 "sample1" #1: received Vendor ID payload [Openswan (this version) 2.6.23 ]<br>
003 "sample1" #1: received Vendor ID payload [Dead Peer Detection]<br>003 "sample1" #1: received Vendor ID payload [RFC 3947] method set to=109 <br>106 "sample1" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>
003 "sample1" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected<br>108 "sample1" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>003 "sample1" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000<br>
003 "sample1" #1: received and ignored informational message<br><br>I have tried all combination <br>1. by specifying both leftid=%fromcert and rightid=%fromcert on both machine<br><div class="gmail_quote">2. By specifying only rightid=%fromcert at 238 machine and only leftid=%fromcert at 139 machine.<br>
<br>it gives same error in both case which is mention above.<br><br>I have also tried by sepcifying leftid=@east ( east is the cn (common name) of eastCert.pem) and rightid=@west (where west is the cn (common name) of westCert.pem). In this case it gives the error<br>
<br>104 "sample1" #1: STATE_MAIN_I1: initiate<br>003 "sample1" #1: received Vendor ID payload [Openswan (this version) 2.6.23 ]<br>003 "sample1" #1: received Vendor ID payload [Dead Peer Detection]<br>
003 "sample1" #1: received Vendor ID payload [RFC 3947] method set to=109 <br>106 "sample1" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>003 "sample1" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected<br>
108 "sample1" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>003 "sample1" #1: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000<br>003 "sample1" #1: received and ignored informational message<br>
<br>but if I placed both certificate at both machine and specify their
corresponding parameter (specifying rightcert at 238 machine and
leftcert at 139 machine) in ipsec.conf file than I am able to build up
the connection.<br><br>On Tue, Feb 16, 2010 at 9:04 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>On Tue, 16 Feb 2010, neeraj goyal wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
conn sample1<br>
<br>
left=192.168.103.238<br>
leftsendcert=always<br>
leftrsasigkey=%cert<br>
right=192.168.103.139<br>
rightcert=/etc/ipsec.d/certs/westCert.pem<br>
rightsendcert=always<br>
rightrsasigkey=%cert<br>
auto=add<br>
<br>
Similarily, I have placed the westCert.pem in /etc/ipsec.d/certs in 192.168.103.139 machine. Now I am not able to<br>
connect the ipsec between two. It shows (while trying to up the connection using ipsec auto --up sample1)<br>
</blockquote>
<br>
</div><div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
003 "sample1" #2: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000<br>
</blockquote>
<br></div>
Add rightid=%fromcert<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Regards<br> <br>Neeraj Goyal<br><br>