[Openswan Users] openswan startup and version interoperability
andy at andynet.net
Tue Aug 1 03:06:10 CEST 2006
On Mon, 2006-07-31 at 22:26 -0700, Brian Sheets wrote:
This could be your problem:
Aug 1 04:49:36 gateway1 pluto: "net-to-net" #5: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
You have 2 ipsec.secrets lines with no identity selectors, only the
first will ever be used.
That'll be this one - what's it for?
: RSA gateway1.mydomain.net.key "[sums to 1b34...]"
Seems sort of incomplete....
> ok, Hopefully I got all the stuff out that will expose me.. and you
> don't want me exposing myself :D
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Monday, July 31, 2006 8:47 PM
> To: Brian Sheets
> Cc: Andy Gay; users at openswan.org
> Subject: RE: [Openswan Users] openswan startup and version
> On Mon, 31 Jul 2006, Brian Sheets wrote:
> > No, no established on the other side
> > I get this if I try to ipsec auto --up net-to-net on gateway1
> > gateway1:~# ipsec auto --up net-to-net
> > 112 "net-to-net" #603: STATE_QUICK_I1: initiate
> > 010 "net-to-net" #603: STATE_QUICK_I1: retransmission; will wait 20s
> > response
> the other end rejected your packets it seems
> > Anything I can send to the list to help troubleshoot this?
> Create 'ipsec barf' outputs on both ends right after this happens, and
> put those on a website and post the links to the list, and we can have
> a look at it.
More information about the Users