[Openswan Users] Not passing the "STATE_QUICK_I1: initiate"
Oliver Schulze L.
oliver at samera.com.py
Tue Nov 8 12:45:48 CET 2005
Hi,
I think there can be a problem with this config.
The Cisco Guy(tm) is telling me that he only allows me to go to 1 internal host
and not to the whole internal network. In the Cisco, only host 10.1.254.63/32
is "published" in the ipsec.
I, in ipsec.conf, configure his internal network as:
rightsubnet=10.1.254.0/24
Another thing, don't know if this matters, but ipsec verify returns:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan Ucvs2002Mar11_19:19:03/K2.1.2rc3 (klips)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
I'm not using RSA, just a PreSharedSecret, and
authby=secret
in ipsec.conf
Will post more info in a few hours.
Many thanks
Oliver
Andy wrote:
>To debug it further, you'll need some help from the Cisco end - get the
>Cisco config and post it here, along with your config, we may be able to
>help. Also, try to enable debug for ipsec on the Cisco and see what that
>tells us.
--
Oliver Schulze L.
<oliver at samera.com.py>