[Openswan Users] openswan startup and version interoperability

Andy Gay andy at andynet.net
Tue Aug 1 03:06:10 CEST 2006


On Mon, 2006-07-31 at 22:26 -0700, Brian Sheets wrote:
> http://plambert.net/~brians/openswan.txt
> 
This could be your problem:
Aug  1 04:49:36 gateway1 pluto[25042]: "net-to-net" #5: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used

You have 2 ipsec.secrets lines with no identity selectors; only the
first will ever be used.
That'll be this one - what's it for?
  : RSA gateway1.mydomain.net.key "[sums to 1b34...]"

Seems sort of incomplete....


> ok, Hopefully I got all the stuff out that will expose me.. and you
> don't want me exposing myself :D
Indeed!

> 
> b
> 
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com] 
> Sent: Monday, July 31, 2006 8:47 PM
> To: Brian Sheets
> Cc: Andy Gay; users at openswan.org
> Subject: RE: [Openswan Users] openswan startup and version interoperability
> 
> On Mon, 31 Jul 2006, Brian Sheets wrote:
> 
> > No, no established on the other side
> >
> > I get this if I try to ipsec auto --up net-to-net on gateway1
> >
> > gateway1:~# ipsec auto --up net-to-net
> > 112 "net-to-net" #603: STATE_QUICK_I1: initiate
> > 010 "net-to-net" #603: STATE_QUICK_I1: retransmission; will wait 20s for response
> 
> the other end rejected your packets it seems
> 
> > Anything I can send to the list to help troubleshoot this?
> 
> Create 'ipsec barf' outputs on both ends right after this happens, and
> put those on a website and post the links to the list, and we can have
> a look at it.
> 
> Paul
> 
> 
> 
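
The situation described in this reply, as an added example (not code from the thread or from Openswan): a small Python check that flags ipsec.secrets entries with no identity selectors that sit behind an earlier selector-less entry. The sample file is constructed, and treating entries of different types (RSA, PSK) as non-conflicting is an assumption.

```python
# Constructed sample in ipsec.secrets syntax; names and secrets are placeholders.
SAMPLE = """\
# gateway1 secrets (constructed)
: RSA gateway1.example.key "placeholder-passphrase"
@gw1.example.net @gw2.example.net : PSK "placeholder-psk"
: RSA {
    # private key fields elided
    }
: PSK "another-placeholder"
"""


def parse_entries(text):
    """Return (line_no, selectors, kind) for each entry in ipsec.secrets text."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Entries start in column 0; indented lines continue the previous
        # entry (for example the body of an RSA { ... } block).
        if not raw.strip() or raw[0] in " \t#":
            continue
        tokens = raw.split()
        if ":" not in tokens:  # e.g. an "include" line
            continue
        colon = tokens.index(":")  # the separator is a stand-alone token
        kind = tokens[colon + 1].upper() if len(tokens) > colon + 1 else "?"
        entries.append((line_no, tokens[:colon], kind))
    return entries


def shadowed_catch_alls(text):
    """Entries with no identity selectors that an earlier one shadows.

    Assumption: lookup is per secret type, so only same-type entries clash.
    """
    first_seen = {}  # kind -> line of the first selector-less entry
    shadowed = []    # (line, kind, line of the entry used instead)
    for line_no, selectors, kind in parse_entries(text):
        if selectors:
            continue
        if kind in first_seen:
            shadowed.append((line_no, kind, first_seen[kind]))
        else:
            first_seen[kind] = line_no
    return shadowed


if __name__ == "__main__":
    for line_no, kind, winner in shadowed_catch_alls(SAMPLE):
        print(f"line {line_no}: {kind} entry has no selectors; line {winner} is used")
```

Run against a copy of the secrets file with the key material removed; only the selector lists and entry types are inspected.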


