[Openswan Users]

aheesh nagraj aheesh at gmail.com
Wed Jan 11 12:45:53 CET 2006


Hi paul,

I changed the system I was using and am now using a Fedora 2.6.5 and a
2.6.10 sys, and now it's able to create an ISAKMP SA, but getting stuck at
quick mode, as seen below.

Thanks,
Aheesh

P.S.: I fail to understand why my previous attempts with a 2.6.10 and a
2.6.9 Fedora were resulting in the RSA "wrong key?" error.

==================================================================
[root at DT345 root]# ipsec auto --up wind
104 "wind" #1: STATE_MAIN_I1: initiate
003 "wind" #1: received Vendor ID payload [Openswan (this version) 2.3.1 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "wind" #1: received Vendor ID payload [Dead Peer Detection]
106 "wind" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "wind" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "wind" #1: STATE_MAIN_I4: ISAKMP SA established
117 "wind" #2: STATE_QUICK_I1: initiate
003 "wind" #2: ERROR: netlink response for Add SA esp.951111a8 at 172.22.67.104included errno 38: Function not implemented
032 "wind" #2: STATE_QUICK_I1: internal error
003 "wind" #2: ERROR: netlink response for Add SA esp.951111a8 at 172.22.67.104included errno 38: Function not implemented
032 "wind" #2: STATE_QUICK_I1: internal error
010 "wind" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
003 "wind" #2: ERROR: netlink response for Add SA esp.951111a8 at 172.22.67.104included errno 38: Function not implemented
032 "wind" #2: STATE_QUICK_I1: internal error
010 "wind" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
003 "wind" #2: ERROR: netlink response for Add SA esp.951111a8 at 172.22.67.104included errno 38: Function not implemented
032 "wind" #2: STATE_QUICK_I1: internal error
031 "wind" #2: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "wind" #2: starting keying attempt 2 of an unlimited number, but releasing whack

====================================================================


On 1/10/06, Paul Wouters <paul at xelerance.com> wrote:
>
> On Tue, 10 Jan 2006, aheesh nagraj wrote:
>
> > I have 2 Fedora 2.6 systems with openswan-2.3.1 installed.
>
> yum update to get openswan-2.4.x
>
> > Jan 10 12:39:02 aheesh_sys pluto[3787]: "net-to-net" #97: Signature check
> > (on 172.22.67.104) failed (wrong key?); tried *AQOaBoHjT
>
> You either accidentally switched left/rightrsasigkey= or you made a cut
> and paste error, or you are just using the wrong public keys. Run
> ipsec showhostkey --left on one end and ipsec showhostkey --right on the
> other end and try again.
>
> Paul
>