[Openswan Users] help!!!!

netanri netanri netanri at yahoo.fr
Mon Aug 21 05:42:46 EDT 2006 

salut les amis.....je suis bloqué sur mon installation de openswan!!! si quelqun pourrait m'eclairer un peu.... 
j'ai suivi ttes les etapes de configuration de openswan mais lorsque je teste ma connection ces messages m'apparait: 

[root at localhost user]# ipsec auto --status 
000 interface lo/lo ::1 
000 interface lo/lo 127.0.0.1 
000 interface lo/lo 127.0.0.1 
000 interface ath0/ath0 192.168.1.5 
000 interface ath0/ath0 192.168.1.5 
000 interface eth0/eth0 192.168.1.7 
000 interface eth0/eth0 192.168.1.7 
000 %myid = (none) 
000 debug none 
000 
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64 
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192 
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448 
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0 
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256 
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256 
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256 
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256 
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0 
000 
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 
000 
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 
000 
000 "net-to-net": 192.168.2.0/24===192.168.1.5[@localhost]---192.168.1.1...192.168.1.1---192.168.1.6[@localhost]===192.168.1.0/24; unrouted; eroute owner: #0 
000 "net-to-net": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown; 
000 "net-to-net": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 
000 "net-to-net": policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: ath0; 
000 "net-to-net": newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 
000 #2: "net-to-net":500 STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 35s; lastdpd=-1s(seq in:0 out:0) 
000 #2: pending Phase 2 for "net-to-net" replacing #0 
000 


[root at localhost user]# ipsec auto --verbose --up net-to-net 
002 "net-to-net" #1: initiating Main Mode 
104 "net-to-net" #1: STATE_MAIN_I1: initiate 
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.4.6 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR] 
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection] 
003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set to=110 
002 "net-to-net" #1: enabling possible NAT-traversal with method 3 
002 "net-to-net" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 
106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2 
002 "net-to-net" #1: I did not send a certificate because I do not have one. 
003 "net-to-net" #1: NAT-Traversal: Result using 3: no NAT detected 
002 "net-to-net" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 
108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3 
003 "net-to-net" #1: ignoring informational payload, type INVALID_KEY_INFORMATION 
003 "net-to-net" #1: received and ignored informational message 
010 "net-to-net" #1: STATE_MAIN_I3: retransmission; will wait 20s for response 
003 "net-to-net" #1: discarding duplicate packet; already STATE_MAIN_I3 
003 "net-to-net" #1: ignoring informational payload, type INVALID_KEY_INFORMATION 
003 "net-to-net" #1: received and ignored informational message 
010 "net-to-net" #1: STATE_MAIN_I3: retransmission; will wait 40s for response 
003 "net-to-net" #1: discarding duplicate packet; already STATE_MAIN_I3 
003 "net-to-net" #1: ignoring informational payload, type INVALID_KEY_INFORMATION 
003 "net-to-net" #1: received and ignored informational message 
031 "net-to-net" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message 
000 "net-to-net" #1: starting keying attempt 2 of an unlimited number, but releasing whack 
 		
---------------------------------
 Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. 
 		
---------------------------------
 Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060821/f02cff33/attachment-0001.html

More information about the Users mailing list