[Openswan Users] Can't ping subnet (fwd)
Paul Wouters
paul at xelerance.com
Tue Jun 6 15:29:19 CEST 2006
---------- Forwarded message ----------
Date: Tue, 06 Jun 2006 19:05:35 +0800
From: Sean Tan <wltan at eb.net.my>
To: paul at xelerance.com
Subject: Can't ping subnet
I have set up Openswan at both ends, where the structure is:
172.16.x.x -----10.1.1.1========10.1.1.2------192.168.x.x
I have the following secure messages:
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: initiating Main Mode
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: received Vendor ID payload [Openswan (this version) 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: received Vendor ID payload [Dead Peer Detection]
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: I did not send a certificate because I do not have one.
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: Main mode peer ID is ID_IPV4_ADDR: 'xx.xx.xx.xx'
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jun 6 18:41:38 oswan-server pluto[843]: "net-net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xeaac6cd0 <0xf880d5d4 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
The problem I can find is: I did not send a certificate because
I do not have one. I try to use manual keying. Please help. Thanks.
Best Regards
Sean