[Openswan Users] Start new connection

Frederico Madeira fred at farmaciadospobres.com.br
Fri Nov 4 16:32:07 CET 2005 

Hey guys,

The problem is that in rigth side u use a 64 bits kernel and i've
installed a 32 bits version of openswan.
I reinstall the 64 bits openswan version ant it make connection.

If i enter /sbin/ip route command in both sides, i can see the route for
left network and the right network, but if i ping from left to right
host the ping don't work. If i make it from rigth to left the same
problem ocour.

Is missing anything ??

How i chek if is all ok ?? if it connected ??

Frederico Madeira
Coordenador de Suporte
N. Landim Comércio Ltda
e-Mail: fred at farmaciadospobres.com.br
Fone : (81) 3497.3029
PABX: (81) 3497.3000
Fax : (81). 3497.3030

Em Qua, 2005-11-02 às 05:20 +0100, Paul Wouters escreveu:

> On Tue, 1 Nov 2005, Andy wrote:
> 
> > > > 104 "ksa-fred" #1: STATE_MAIN_I1: initiate
> > > > 003 "ksa-fred" #1: received Vendor ID payload [Openswan (this version)
> > > > 2.4.0rc3  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
> > > > 003 "ksa-fred" #1: received Vendor ID payload [Dead Peer Detection]
> > > > 106 "ksa-fred" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> > > > 108 "ksa-fred" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> > > > 004 "ksa-fred" #1: STATE_MAIN_I4: ISAKMP SA established
> > > > {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
> > > > group=modp1536}
> > > > 117 "ksa-fred" #2: STATE_QUICK_I1: initiate
> > > > 010 "ksa-fred" #2: STATE_QUICK_I1: retransmission; will wait 20s for
> > > > response
> > > > 010 "ksa-fred" #2: STATE_QUICK_I1: retransmission; will wait 40s for
> > > > response
> > > > 031 "ksa-fred" #2: max number of retransmissions (2) reached
> > >
> > > The other end is not sending a single packet back. There might be a
> > > filter for udp port 500/4500 in place somewhere.
> > >
> > Surely that's not right. Phase 1 is completed OK, so isakmp must be
> > getting through?
> 
> Oops. You are absolutely right. It was phase 2 that never saw a packet, not
> phase 1. In this case, the other end does not like the phase 2 proposal
> packet that was sent, and silently disgarded the packet. Logs on that end
> should tell you why it disgarded it.
> 
> Paul


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20051104/cf96bc0a/attachment-0001.htm

More information about the Users mailing list