[Openswan Users] starting keying attempt 2 of an unlimited number for ISAKMP SA, but releasing whack for pending IPSEC SA

Cristhian Nunez cnunez at onemax.com
Fri Dec 28 11:20:59 EST 2007


Hi list

I'm trying to set up my VPN with a NAT traversal option and I have the 
following error:

starting keying attempt 2 of an unlimited number for ISAKMP SA, but 
releasing whack for pending IPSEC SA

My ipsec.conf is:

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.4 2006/07/11 16:17:53 paul Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
         # plutodebug / klipsdebug = "all", "none" or a combination from below:
         # "raw crypt parsing emitting control klips pfkey natt x509 private"
         # eg:
         plutodebug="control parsing"
         #
         # Only enable klipsdebug=all if you are a developer
         #
         # NAT-TRAVERSAL support, see README.NAT-Traversal
         nat_traversal=yes
         # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
         #
         # enable this if you see "failed to find any available worker"
         nhelpers=0

# Add connections here

conn casa-company
         left=192.168.1.100
         leftsubnet=192.168.1.0/24
         leftid=1.2.3.4
         leftrsasigkey=0sAQOQrB...........
         leftnexthop=192.168.1.1
         right=5.6.7.8
         rightid=5.6.7.8
         rightsubnet=172.18.0.0/21
         rightrsasigkey=0sAQO+Oo/vAv.......
         rightnexthop=5.6.7.9
         auto=add
         #
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Where my left side is the NAT connection. I'm using NETKEY, therefore I 
think I don't need to compile my kernel.

I'm using CentOS 5 and my kernel version is 2.6.18-8.el5PAE

Thanks a lot

Cris



