[Openswan Users] Should enable or disable any options in kernel config to let the openswan work fine?

[mix]

I am using the openswan 2.4.9 with kernel 2.6.16.
I patched the kernel with klips patch and enable the klip option in 
kernel config. (i do not use the natt, so natt patch not be applied.)
Should i enable or disable any other options in kernel config to let the 
openswan work fine?

Because i always get the error messages
000 #2: "conn_10.1.1.2":500 STATE_MAIN_R1 (sent MR1, expecting MI2); 
EVENT_CRYPTO_FAILED in 250s; nodpd
000 #1: "conn_10.1.1.2":500 STATE_MAIN_R1 (sent MR1, expecting MI2); 
EVENT_CRYPTO_FAILED in 242s; nodpd


/tmp # ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.9/K2.4.7 (klips)
Checking for IPsec support in kernel                            [OK]
KLIPS detected, checking for NAT Traversal support              [FAILED]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [N/A]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]