[Openswan Users] openswan startup and version interoperability
brians at fl240.com
Tue Aug 1 00:11:00 CEST 2006
I moved them to the bottom of the file, I think the link comes up but
I've got other networking issue that are stopping the routing, I need to
fix that and I'll let ya'll know how it goes.
From: Andy Gay [mailto:andy at andynet.net]
Sent: Monday, July 31, 2006 11:06 PM
To: Brian Sheets
Cc: Paul Wouters; users at openswan.org
Subject: RE: [Openswan Users] openswan startup and version
On Mon, 2006-07-31 at 22:26 -0700, Brian Sheets wrote:
This could be your problem:
Aug 1 04:49:36 gateway1 pluto: "net-to-net" #5: multiple
ipsec.secrets entries with distinct secrets match endpoints: first
You have 2 ipsec.secrets lines with no identity selectors, only the
first will ever be used.
That'll be this one - what's it for?
: RSA gateway1.mydomain.net.key "[sums to 1b34...]"
Seems sort of incomplete....
> ok, Hopefully I got all the stuff out that will expose me.. and you
> don't want me exposing myself :D
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Monday, July 31, 2006 8:47 PM
> To: Brian Sheets
> Cc: Andy Gay; users at openswan.org
> Subject: RE: [Openswan Users] openswan startup and version
> On Mon, 31 Jul 2006, Brian Sheets wrote:
> > No, no established on the other side
> > I get this if I try to ipsec auto --up net-to-net on gateway1
> > gateway1:~# ipsec auto --up net-to-net
> > 112 "net-to-net" #603: STATE_QUICK_I1: initiate
> > 010 "net-to-net" #603: STATE_QUICK_I1: retransmission; will wait 20s
> > response
> the other end rejected your packets it seems
> > Anything I can send to the list to help troubleshoot this?
> Create 'ipsec barf' outputs on both ends right after this happens, and
> put those on a website and post the links to the list, and we can have
> a look at it.
More information about the Users