[Openswan Users] Re: Can't connect the subnet

[Sean Tan]

On Tue, 2006-06-06 at 18:48, Sean Tan wrote:
> I have setup the openswan at both end where the structure : 
> 
> 172.16.x.x -----10.1.1.1========10.1.1.2------192.168.x.x
> 
> i have the following secure messages : 
> 
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: initiating Main
> Mode
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: received Vendor
> ID payload [Openswan (this version) 2.4.4  X.509-1.5.4
> PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: received Vendor
> ID payload [Dead Peer Detection]
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: transition from
> state STATE_MAIN_I1 to state STATE_MAIN_I2
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: STATE_MAIN_I2:
> sent MI2, expecting MR2
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: I did not send a
> certificate because I do not have one.
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: transition from
> state STATE_MAIN_I2 to state STATE_MAIN_I3
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: STATE_MAIN_I3:
> sent MI3, expecting MR3
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: Main mode peer ID
> is ID_IPV4_ADDR: 'xx.xx.xx.xx'
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: transition from
> state STATE_MAIN_I3 to state STATE_MAIN_I4
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #1: STATE_MAIN_I4:
> ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192
> prf=oakley_md5 group=modp1536}
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #2: initiating Quick
> Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #2: transition from
> state STATE_QUICK_I1 to state STATE_QUICK_I2
> Jun  6 18:41:38 oswan-server pluto[843]: "net-net" #2: STATE_QUICK_I2:
> sent QI2, IPsec SA established {ESP=>0xeaac6cd0 <0xf880d5d4
> xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
> 
> 
> What i can found the problem is :  I did not send a certificate because
> I do not have one. I try to use manual keying. Please help. Thanks.
> 
> 
> Best Regards
> Sean
>