[Openswan Users] openswan startup and version interoperability
Brian Sheets
brians at fl240.com
Tue Aug 1 00:11:00 CEST 2006
I moved them to the bottom of the file, I think the link comes up but
I've got other networking issue that are stopping the routing, I need to
fix that and I'll let ya'll know how it goes.
Brian
-----Original Message-----
From: Andy Gay [mailto:andy at andynet.net]
Sent: Monday, July 31, 2006 11:06 PM
To: Brian Sheets
Cc: Paul Wouters; users at openswan.org
Subject: RE: [Openswan Users] openswan startup and version
interoperability
On Mon, 2006-07-31 at 22:26 -0700, Brian Sheets wrote:
> http://plambert.net/~brians/openswan.txt
>
This could be your problem:
Aug 1 04:49:36 gateway1 pluto[25042]: "net-to-net" #5: multiple
ipsec.secrets entries with distinct secrets match endpoints: first
secret used
You have 2 ipsec.secrets lines with no identity selectors, only the
first will ever be used.
That'll be this one - what's it for?
: RSA gateway1.mydomain.net.key "[sums to 1b34...]"
Seems sort of incomplete....
> ok, Hopefully I got all the stuff out that will expose me.. and you
> don't want me exposing myself :D
Indeed!
>
> b
>
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Monday, July 31, 2006 8:47 PM
> To: Brian Sheets
> Cc: Andy Gay; users at openswan.org
> Subject: RE: [Openswan Users] openswan startup and version
> interoperability
>
> On Mon, 31 Jul 2006, Brian Sheets wrote:
>
> > No, no established on the other side
> >
> > I get this if I try to ipsec auto --up net-to-net on gateway1
> >
> > gateway1:~# ipsec auto --up net-to-net
> > 112 "net-to-net" #603: STATE_QUICK_I1: initiate
> > 010 "net-to-net" #603: STATE_QUICK_I1: retransmission; will wait 20s
> for
> > response
>
> the other end rejected your packets it seems
>
> > Anything I can send to the list to help troubleshoot this?
>
> Create 'ipsec barf' outputs on both ends right after this happens, and
> put those on a website and post the links to the list, and we can have
> a look at it.
>
> Paul
>
>
>
More information about the Users
mailing list