<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12">
<TITLE>Trouble after chaning wan ipaddress</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT SIZE=2 FACE="Arial">Hi.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">We got a new ipaddress from our ISP.</FONT>
<BR><FONT SIZE=2 FACE="Arial">Then I've changede the ip in ipsec.conf</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">And now I'm stuck in:</FONT>
<BR><FONT SIZE=2 FACE="Arial">ipsec auto --up xxxxxx_XX</FONT>
<BR><FONT SIZE=2 FACE="Arial">117 "xxxxxx_XX" #50: STATE_QUICK_I1: initiate</FONT>
<BR><FONT SIZE=2 FACE="Arial">010 "xxxxxx_XX" #50: STATE_QUICK_I1: retransmission; will wait 20s for response</FONT>
<BR><FONT SIZE=2 FACE="Arial">010 "xxxxxx_XX" #50: STATE_QUICK_I1: retransmission; will wait 40s for response</FONT>
<BR><FONT SIZE=2 FACE="Arial">031 "xxxxxx_XX" #50: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</FONT></P>
<P><FONT SIZE=2 FACE="Arial">000 "xxxxxx_XX" #50: starting keying attempt 2 of an unlimited number, but releasing whack</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">The only thing that change was the IP.</FONT>
</P>
<BR>
<P><FONT SIZE=2 FACE="Arial">The old one: (this config worked)</FONT>
<BR><FONT SIZE=2 FACE="Arial"># /etc/ipsec.conf - Openswan IPsec configuration file</FONT>
<BR><FONT SIZE=2 FACE="Arial">#</FONT>
<BR><FONT SIZE=2 FACE="Arial"># Manual: ipsec.conf.5</FONT>
<BR><FONT SIZE=2 FACE="Arial">#</FONT>
<BR><FONT SIZE=2 FACE="Arial"># Please place your own config files in /etc/ipsec.d/ ending in .conf</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">version 2.0 # conforms to second version of ipsec.conf specification</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial"># basic configuration</FONT>
<BR><FONT SIZE=2 FACE="Arial">config setup</FONT>
<BR><FONT SIZE=2 FACE="Arial"> forwardcontrol=yes</FONT>
<BR><FONT SIZE=2 FACE="Arial"> klipsdebug=none</FONT>
<BR><FONT SIZE=2 FACE="Arial"> nat_traversal=no</FONT>
<BR><FONT SIZE=2 FACE="Arial"> plutodebug=none</FONT>
<BR><FONT SIZE=2 FACE="Arial"> # nat_traversal=no</FONT>
<BR><FONT SIZE=2 FACE="Arial"> # interfaces="ipsec0=eth0"</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">#conn %default</FONT>
<BR><FONT SIZE=2 FACE="Arial"># authby=rsasig</FONT>
<BR><FONT SIZE=2 FACE="Arial"># leftrsasigkey=</FONT>
<BR><FONT SIZE=2 FACE="Arial"># rightrsasigkey =</FONT>
<BR><FONT SIZE=2 FACE="Arial"># left=%defaultroute</FONT>
<BR><FONT SIZE=2 FACE="Arial"># keyingtries=1</FONT>
<BR><FONT SIZE=2 FACE="Arial"> #keylife=1200s</FONT>
<BR><FONT SIZE=2 FACE="Arial"> #ikelifetime=1200s</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">conn xxxxxx_XX</FONT>
<BR><FONT SIZE=2 FACE="Arial"> auth=esp</FONT>
<BR><FONT SIZE=2 FACE="Arial"> authby=secret</FONT>
<BR><FONT SIZE=2 FACE="Arial"> auto=start</FONT>
<BR><FONT SIZE=2 FACE="Arial"> compress=no</FONT>
<BR><FONT SIZE=2 FACE="Arial"> esp=3des-sha1-1024</FONT>
<BR><FONT SIZE=2 FACE="Arial"> ike=3des-sha1</FONT>
<BR><FONT SIZE=2 FACE="Arial"> keyexchange=ike</FONT>
<BR><FONT SIZE=2 FACE="Arial"> keylife=2h</FONT>
<BR><FONT SIZE=2 FACE="Arial"> left=83.xx.xxx.14</FONT>
<BR><FONT SIZE=2 FACE="Arial"> leftnexthop=83.xx.xxx.13</FONT>
<BR><FONT SIZE=2 FACE="Arial"> leftsubnet=10.27.0.0/16</FONT>
<BR><FONT SIZE=2 FACE="Arial"> leftsourceip=10.27.1.28</FONT>
<BR><FONT SIZE=2 FACE="Arial"> pfs=no</FONT>
<BR><FONT SIZE=2 FACE="Arial"> right=91.xxx.xxx.2</FONT>
<BR><FONT SIZE=2 FACE="Arial"> rightsubnet=192.168.37.34/32</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">include /etc/ipsec.d/*.conf</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">The new one:</FONT>
<BR><FONT SIZE=2 FACE="Arial"># /etc/ipsec.conf - Openswan IPsec configuration file</FONT>
<BR><FONT SIZE=2 FACE="Arial">#</FONT>
<BR><FONT SIZE=2 FACE="Arial"># Manual: ipsec.conf.5</FONT>
<BR><FONT SIZE=2 FACE="Arial">#</FONT>
<BR><FONT SIZE=2 FACE="Arial"># Please place your own config files in /etc/ipsec.d/ ending in .conf</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">version 2.0 # conforms to second version of ipsec.conf specification</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial"># basic configuration</FONT>
<BR><FONT SIZE=2 FACE="Arial">config setup</FONT>
<BR><FONT SIZE=2 FACE="Arial"> forwardcontrol=yes</FONT>
<BR><FONT SIZE=2 FACE="Arial"> klipsdebug=none</FONT>
<BR><FONT SIZE=2 FACE="Arial"> nat_traversal=no</FONT>
<BR><FONT SIZE=2 FACE="Arial"> plutodebug=none</FONT>
<BR><FONT SIZE=2 FACE="Arial"> # nat_traversal=no</FONT>
<BR><FONT SIZE=2 FACE="Arial"> interfaces="ipsec0=eth0"</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">#conn %default</FONT>
<BR><FONT SIZE=2 FACE="Arial"># authby=rsasig</FONT>
<BR><FONT SIZE=2 FACE="Arial"># leftrsasigkey=</FONT>
<BR><FONT SIZE=2 FACE="Arial"># rightrsasigkey =</FONT>
<BR><FONT SIZE=2 FACE="Arial"># left=%defaultroute</FONT>
<BR><FONT SIZE=2 FACE="Arial"># keyingtries=1</FONT>
<BR><FONT SIZE=2 FACE="Arial"> #keylife=1200s</FONT>
<BR><FONT SIZE=2 FACE="Arial"> #ikelifetime=1200s</FONT>
</P>
<BR>
<P><FONT SIZE=2 FACE="Arial">conn xxxxxx_XX</FONT>
<BR><FONT SIZE=2 FACE="Arial"> auth=esp</FONT>
<BR><FONT SIZE=2 FACE="Arial"> authby=secret</FONT>
<BR><FONT SIZE=2 FACE="Arial"> auto=start</FONT>
<BR><FONT SIZE=2 FACE="Arial"> compress=no</FONT>
<BR><FONT SIZE=2 FACE="Arial"> esp=3des-sha1-1024</FONT>
<BR><FONT SIZE=2 FACE="Arial"> ike=3des-sha1</FONT>
<BR><FONT SIZE=2 FACE="Arial"> keyexchange=ike</FONT>
<BR><FONT SIZE=2 FACE="Arial"> keylife=2h</FONT>
<BR><FONT SIZE=2 FACE="Arial"> left=92.xxx.xx.246</FONT>
<BR><FONT SIZE=2 FACE="Arial"> leftnexthop=92.xxx.xx.193</FONT>
<BR><FONT SIZE=2 FACE="Arial"> leftsubnet=10.27.0.0/16</FONT>
<BR><FONT SIZE=2 FACE="Arial"> leftsourceip=10.27.1.28</FONT>
<BR><FONT SIZE=2 FACE="Arial"> pfs=no</FONT>
<BR><FONT SIZE=2 FACE="Arial"> right=91.xxx.xxx.2</FONT>
<BR><FONT SIZE=2 FACE="Arial"> rightsubnet=192.168.37.34/32</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">And the old ipsec.secrets:</FONT>
<BR><FONT SIZE=2 FACE="Arial">: RSA {</FONT>
<BR><FONT SIZE=2 FACE="Arial"> # RSA 32 bits xxxxxx.dk Tue Sep 16 15:17:08 2008</FONT>
<BR><FONT SIZE=2 FACE="Arial"> # for signatures only, UNSAFE FOR ENCRYPTION</FONT>
<BR><FONT SIZE=2 FACE="Arial"> #pubkey=0sAQOm0nwL</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Modulus: 0xa6d27c0b</FONT>
<BR><FONT SIZE=2 FACE="Arial"> PublicExponent: 0x03</FONT>
<BR><FONT SIZE=2 FACE="Arial"> # everything after this point is secret</FONT>
<BR><FONT SIZE=2 FACE="Arial"> PrivateExponent: 0x1bcd79cb</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Prime1: 0xed6b</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Prime2: 0xb3e1</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Exponent1: 0x9e47</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Exponent2: 0x77eb</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Coefficient: 0xdb07</FONT>
<BR><FONT SIZE=2 FACE="Arial"> }</FONT>
<BR><FONT SIZE=2 FACE="Arial"># do not change the indenting of that "}"</FONT>
<BR><FONT SIZE=2 FACE="Arial">83.xx.xxx.14 91.xxx.xxx.2 : PSK "VERYSECRETKEY"</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">And the new one</FONT>
<BR><FONT SIZE=2 FACE="Arial">: RSA {</FONT>
<BR><FONT SIZE=2 FACE="Arial"> # RSA 32 bits xxxxxx.dk Tue Sep 16 15:17:08 2008</FONT>
<BR><FONT SIZE=2 FACE="Arial"> # for signatures only, UNSAFE FOR ENCRYPTION</FONT>
<BR><FONT SIZE=2 FACE="Arial"> #pubkey=0sAQOm0nwL</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Modulus: 0xa6d27c0b</FONT>
<BR><FONT SIZE=2 FACE="Arial"> PublicExponent: 0x03</FONT>
<BR><FONT SIZE=2 FACE="Arial"> # everything after this point is secret</FONT>
<BR><FONT SIZE=2 FACE="Arial"> PrivateExponent: 0x1bcd79cb</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Prime1: 0xed6b</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Prime2: 0xb3e1</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Exponent1: 0x9e47</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Exponent2: 0x77eb</FONT>
<BR><FONT SIZE=2 FACE="Arial"> Coefficient: 0xdb07</FONT>
<BR><FONT SIZE=2 FACE="Arial"> }</FONT>
<BR><FONT SIZE=2 FACE="Arial"># do not change the indenting of that "}"</FONT>
<BR><FONT SIZE=2 FACE="Arial">92.xxx.xx.246 91.xxx.xxx.2 : PSK "VERYSECRETKEY"</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=2 FACE="Verdana">Kind regards</FONT>
<BR><B><I><FONT SIZE=2 FACE="Verdana">Jesper Langkjær<BR>
</FONT></I></B>
</P>
</BODY>
</HTML>