[Openswan Users] Problem With Ipsec Automatic Connection...(Openswan-2.3.0)

mohan chandra mohanchandra_01 at yahoo.co.in
Wed Apr 27 06:20:17 CEST 2005


Hi ,

There is a problem with my IPsec automatic connection.
I am using Linux-9, kernel-2.4.20-8 and openswan-2.3.0.
I need to establish an IPsec connection between two Linux
systems using an automatic connection.

The following is part of my ipsec.conf connection
configuration:

# basic configuration
config setup
   	interfaces="ipsec0=eth0"
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=none
	plutodebug=none
	uniqueids=yes

# Defaults inherited by every conn in this file unless the conn sets the
# parameter itself.
conn %default
	# A single negotiation attempt by default; psk-other raises this to 3,
	# bob-alice-h2h does not set it and so inherits the value 1.
	keyingtries=1
	# Pre-shared-key authentication by default; bob-alice-h2h overrides this
	# with authby=rsasig.
	authby=secret
	
# These six names match Openswan's built-in opportunistic-encryption policy
# groups. auto=ignore on each one keeps it from being loaded at startup
# (presumably to switch opportunistic encryption off; confirm against the
# Openswan 2.3.0 documentation).
conn block
	auto=ignore

conn private
	auto=ignore

conn private-or-clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn clear
	auto=ignore

conn packetdefault
	auto=ignore

# Add connections here.
# connection - RSASIG
# Host-to-host tunnel between @bob (172.20.17.85) and @alice (172.20.17.84),
# authenticated with RSA signatures. It sets no keyingtries, so the value 1
# from conn %default applies.
conn bob-alice-h2h
	left=172.20.17.85
	leftnexthop=172.20.17.1
	leftid=@bob
	# The *rsasigkey values are RSA public keys ("0s" marks base64), so they
	# are safe to publish; the matching private keys belong in ipsec.secrets
	# and must never be posted.
	# NOTE(review): both key lines start at column 0 in this listing, which
	# looks like mail-client wrapping. Inside a conn section every parameter
	# line has to be indented, so confirm the real file.
leftrsasigkey=0sAQN6UCjq/fcO/lKa2rFyeclO0EO2EkzthFokVyA3mqTfSIhkxFLts3PpCwb+0LUnuRrKE3LKZZiLquSYQO6pUtoNfEnbEIH6Ykkc4OpNR5Telcv5Ijnq2VImzRykcd3184Ddt/cIO9UY4A2VqtDWGqL2es0MC9r2LOm6BbXhMtdia5toMb+mjgfkWRBJHCkcoq0fSoMSxjJQXtBz/lrDf/XIz6FrvehHMIfipccxxmkuGXcnvmFDPziNJaQbN3j48H3hMdEI00v/V+h23qOSyY1/II6x1OVopvU66r0DOdNF3nQBjtVdlbVi2zlYxXOVYmwYGZIHrm0qAperod2Rfxy9
	right=172.20.17.84
	rightnexthop=172.20.17.1
	rightid=@alice
rightrsasigkey=0sAQOEo1hp4PY0X1AI4qSPfUFgH26PFnsXlebH6/7UH98GWX+6ZOhLWJ4fQpg/T9EE5+2wazcd7h7lALf9+6+ljAj/kgEHZZuEFmiFoCJvVart15vF3ofwosIvf0FbTodXNEdsFbm1jSyAHaHmMjOinwEz3uVKXpvWgcUpIHrbjfc8T5L8uft2XwZikL0m8Fm1zsFuqcF8oPbgFaRS9Z7Bajc4WdS1fSAx5l9MudslqFLZQdB3AmFLEC5wO/K6CuiMOlA+SZVgYY/lSdXVIGiwJycPo1y7Cu5MpM5/VEmsrc/U6wlPwHTQ8NgWHH6wpMCNmpRpGiWX5LIpubNsZ1OYIxhh
	# Not loaded at startup; the conn is loaded by hand with
	# "ipsec auto --add bob-alice-h2h".
	auto=ignore
	rekey=no
	# If negotiation fails, traffic between the two hosts is let through
	# unprotected. Use a blocking shunt (drop or reject) instead when a
	# silent cleartext fallback is not acceptable.
	failureshunt=passthrough
	# No perfect forward secrecy for the IPsec SA keys on this conn, whereas
	# psk-other sets pfs=yes.
	pfs=no
	compress=no
	#auth=esp
	# Overrides authby=secret from conn %default.
	authby=rsasig
	type=tunnel

# connection - SECRET
# Same two endpoints and IDs as bob-alice-h2h, but authenticated with a
# pre-shared key. The key itself is not part of this file: it lives in
# ipsec.secrets and has to be identical on both hosts.
conn psk-other
        # Loaded at startup but not initiated; it is brought up by hand with
        # "ipsec auto --up psk-other".
        auto=add
        authby=secret
        pfs=yes
        # Restricts the IKE (phase 1) proposal to 3DES with SHA-1. Both are
        # legacy algorithms; prefer a stronger proposal if both peers
        # support one.
        ike=3des-sha1
        left=172.20.17.85
	leftid=@bob
        leftnexthop=172.20.17.1
        right=172.20.17.84
	rightid=@alice
        rightnexthop=172.20.17.1
        # Overrides keyingtries=1 from conn %default.
        keyingtries=3	

The following errors appeared when I tried to bring up the
automatic connections between the two hosts:

## for psk-other connection ( secret )
[root at mohan root]# ipsec auto --add psk-other
[root at mohan root]# ipsec auto --up psk-other
104 "psk-other" #36: STATE_MAIN_I1: initiate
010 "psk-other" #36: STATE_MAIN_I1: retransmission;
will wait 20s for response
010 "psk-other" #36: STATE_MAIN_I1: retransmission;
will wait 40s for response
031 "psk-other" #36: max number of retransmissions (2)
reached STATE_MAIN_I1.  No response (or no acceptable
response) to our first IKE message
000 "psk-other" #36: starting keying attempt 2 of at
most 3, but releasing whack
[root at mohan root]#

## for bob-alice-h2h connection ( rsasig )
[root at mohan root]# ipsec auto --add bob-alice-h2h
[root at mohan root]# ipsec auto --up bob-alice-h2h
104 "bob-alice-h2h" #47: STATE_MAIN_I1: initiate
010 "bob-alice-h2h" #47: STATE_MAIN_I1:
retransmission; will wait 20s for response
010 "bob-alice-h2h" #47: STATE_MAIN_I1:
retransmission; will wait 40s for response
031 "bob-alice-h2h" #47: max number of retransmissions
(2) reached STATE_MAIN_I1.  No response (or no
acceptable response) to our first IKE message
[root at mohan root]#

But manual connections are working properly.
Please, could someone reply immediately and tell me what the problem is
with this automatic connection configuration?

Thanx,

Regards
Mohan
