[Openswan Users] Internal subnet belongs to phase 2 negotiation

[shilang]

Dear Paul,

 

I have already had my site-to-site VPN established.

 

Now I go to local VPN change the correct local internal subnet from
10.218.101.0/24 to a wrong one like 10.218.102.0/24.

Then I find STATE_QUICK 1 has problem.

 

Now I go to local VPN change the correct local internal subnet from
10.218.101.0/24 to a wrong one like 10.218.102.0/24.

Then I find STATE_MAIN 3 has problem.

 

My question is the internal subnet for site-to-site VPN if wrong matching,
then it is the Quick Mode 1 problem right? I can not find this information
from openswan or internet.

 

Another question is we know IKE phase 1 has three exchange messages, why my
debug mode can see something like:

104 "asdfw" #146: STATE_MAIN_I1: initiate
003 "asdfw" #146: received Vendor ID payload [Dead Peer Detection]
106 "asdfw" #146: STATE_MAIN_I2: sent MI2, expecting MR2
108 "asdfw" #146: STATE_MAIN_I3: sent MI3, expecting MR3
004 "asdfw" #146: STATE_MAIN_I4: ISAKMP SA established
112 "asdfw" #147: STATE_QUICK_I1: initiate
004 "asdfw" #147: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x55f2c13e <0x903d241f}

There are I1, I2, I3, I4, four exchange messages? Why? And quick mode has
two exchange messages? I can not find this information from openswan or
internet.

 

Thanks Paul

Thanks in advance for any help.

 

Regards,

Jim

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061119/4e61e563/attachment.html