<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">I need your help with this error from the host log:<br>
<br>
Mar 15 15:19:19 pluto[12210]: packet from 192.168.50.2:500: received Vendor ID payload [Openswan (this version) 2.6.21 ]<br>
Mar 15 15:19:19 host-lx pluto[12210]: packet from 192.168.50.2:500: received Vendor ID payload [Dead Peer Detection]<br>
Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: responding to Main Mode from unknown peer 192.168.50.2<br>
Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>
Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: STATE_MAIN_R1: sent MR1, expecting MI2<br>
Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: STATE_MAIN_R2: sent MR2, expecting MI3<br>
Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: Main mode peer ID is ID_IPV4_ADDR: '192.168.50.2'<br>
Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: issuer cacert not found<br>
Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: X.509 certificate rejected<br>
<br>
My host ipsec.conf:<br>
version 2.0<br>
<br>
config setup<br>
        interfaces=%defaultroute<br>
        nat_traversal=no<br>
<br>
conn %default<br>
        keyingtries=1<br>
        compress=yes<br>
        disablearrivalcheck=no<br>
        authby=rsasig<br>
        leftrsasigkey=%cert<br>
        rightrsasigkey=%cert<br>
<br>
conn roadwarrior-net<br>
        leftsubnet=192.168.50.0/255.255.255.0<br>
        also=roadwarrior<br>
<br>
conn roadwarrior<br>
        # left=%defaultroute<br>
        left=192.168.50.1<br>
        leftcert=host.example.com.pem<br>
        right=%any<br>
        rightsubnet=vhost:%no,%priv<br>
        auto=add<br>
        pfs=yes<br>
<br>
Files on client machine:<br>
/etc/ipsec.d/private/host.example.com.key<br>
/etc/ipsec.d/crls/crl.pem<br>
/etc/ipsec.d/certs/host.example.com.pem<br>
/etc/ipsec.d/cacerts/cacert.pem<br>
<br>
<br>
My client ipsec.conf:<br>
<br>
version 2.0<br>
<br>
config setup<br>
        interfaces=%defaultroute<br>
        nat_traversal=no<br>
<br>
conn %default<br>
        keyingtries=1<br>
        compress=yes<br>
        authby=rsasig<br>
        leftrsasigkey=%cert<br>
        rightrsasigkey=%cert<br>
<br>
conn roadwarrior-net<br>
        leftsubnet=192.168.50.0/255.255.255.0<br>
        also=roadwarrior<br>
<br>
conn roadwarrior<br>
        # left=%defaultroute<br>
        left=192.168.50.2<br>
        leftcert=clienthost.example.com.pem<br>
        right=192.168.50.1<br>
        rightsubnet=host.example.com.pem<br>
        auto=add<br>
        pfs=yes<br>
<br>
<br>
Files on host machine:<br>
/etc/ipsec.d/private/clienthost.example.com.key<br>
/etc/ipsec.d/crls/crl.pem<br>
/etc/ipsec.d/certs/host.example.com.pem<br>
/etc/ipsec.d/certs/clienthost.example.com.pem<br>
/etc/ipsec.d/cacerts/cacert.pem<br>
<br>
where host.example.com.pem is copied from the host. All key files and pem files are generated separately using openssl CA.sh on the client machine and the host machine.</td></tr></table><br>
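The log above ends with "issuer cacert not found" followed by "X.509 certificate rejected", so the useful check is whether the certificate the peer presents was signed by a CA file present in the local /etc/ipsec.d/cacerts directory. The shell function below is an added example, not part of the original post: it compares issuer and subject names and then verifies the signature, which also catches two separately created CAs that share the same subject. The function names `dn` and `find_issuer_ca` are hypothetical, and it assumes PEM files and the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post): check whether a certificate
# chains to one of the CA certificates stored in a cacerts directory.

# dn FIELD FILE: print the issuer or subject DN of a PEM certificate
# without the leading "issuer=" / "subject=" label.
dn() {
    openssl x509 -noout -nameopt RFC2253 "$1" -in "$2" | sed 's/^[a-z]*= *//'
}

# find_issuer_ca CERT CACERTS_DIR
#   0: prints the CA file whose key signed CERT
#   1: no CA in the directory has a subject equal to CERT's issuer
#   2: a CA with the right subject exists, but its key did not sign CERT
#      (for example two CAs generated separately with identical names)
#   3: CERT could not be parsed
find_issuer_ca() {
    cert=$1
    dir=$2
    status=1
    issuer=$(dn -issuer "$cert" 2>/dev/null)
    [ -n "$issuer" ] || return 3
    for ca in "$dir"/*; do
        [ -f "$ca" ] || continue
        # Cheap name comparison first; skip files that are not this issuer.
        [ "$(dn -subject "$ca" 2>/dev/null)" = "$issuer" ] || continue
        # The name matches: confirm the signature really verifies.
        if openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
            printf '%s\n' "$ca"
            return 0
        fi
        status=2
    done
    return "$status"
}
```

With the paths listed in the post, the call on the host would be `find_issuer_ca /etc/ipsec.d/certs/clienthost.example.com.pem /etc/ipsec.d/cacerts`. An exit status of 1 or 2 means the CA that issued that certificate is not among the files in that directory.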