[Openswan Users] How to setup site-to-site with two pppoe openswan gateway?
Paul Wouters
paul at xelerance.com
Tue Feb 6 10:41:11 EST 2007
On Tue, 6 Feb 2007, mix wrote:
> Subject: Re: [Openswan Users] How to setup site-to-site with two pppoe
> openswan gateway?
>
> I got this message
>
> 000 #65: "site_192.168.6.0_24-192.168.2.0_24":500 STATE_MAIN_I1 (sent
> MI1, expecting MR1); EVENT_RETRANSMIT in 21s; nodpd
> 000 #65: pending Phase 2 for "site_192.168.6.0_24-192.168.2.0_24"
> replacing #0

Disable plutodebug= and klipsdebug=, restart openswan, and then start
from scratch, showing us the entire log.

I can't tell for sure by this one line, but it might be that port 500 udp
is filtered on one or both ends, either by the ISP or by your gateways.

> conn site_192.168.2.0_24-192.168.6.0_24
> left=a.b.c.d
> leftsubnet=192.168.2.0/24
> right=w.x.y.z
> rightsubnet=192.168.6.0/24
>
> ike=AES256-SHA1-MODP1536,AES256-SHA1-MODP1024,AES256-SHA1-MODP768
> esp=AES256-SHA1-96

ike= and esp= lines shouldn't be needed for openswan-openswan connections.

> dpddelay=10
> dpdtimeout=15
> keyingtries=%forever
> keylife=24h
> ikelifetime=8h
> rekey=no

You probably want rekey=yes so the tunnel stays up for longer than keylife,
which you set to 24h.

Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
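
A small linter for the configuration points raised in the reply above, added here as an example and not part of the original post: it flags rekey=no and explicit ike=/esp= lines in a conn section. The sample config is constructed (abridged) from the quoted section; the weak-DH check on MODP768 and MODP1024 goes beyond the reply and is this example's own assumption, as are the names `parse_conns` and `lint_conn`.

```python
import re

# Constructed sample: abridged from the conn section quoted in the thread and
# indented as ipsec.conf requires (a.b.c.d / w.x.y.z are the poster's placeholders).
SAMPLE_CONF = """\
conn site_192.168.2.0_24-192.168.6.0_24
    left=a.b.c.d
    right=w.x.y.z
    ike=AES256-SHA1-MODP1536,AES256-SHA1-MODP1024,AES256-SHA1-MODP768
    esp=AES256-SHA1-96
    keylife=24h
    rekey=no
"""
WEAK_DH = {"MODP768", "MODP1024"}  # assumption of this example: DH groups 1 and 2

def parse_conns(text):
    """Map each conn name to its {option: value} dict."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif not line[0].isspace():
            current = None  # "config setup" or another section type
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint_conn(opts):
    """Return a list of findings for one conn's options."""
    findings = []
    if opts.get("rekey", "yes").lower() == "no":
        findings.append("rekey=no with keylife=%s: this end never starts renegotiation"
                        % opts.get("keylife", "default"))
    findings += ["%s= pinned explicitly" % k for k in ("ike", "esp") if k in opts]
    for proposal in opts.get("ike", "").split(","):
        group = proposal.strip().upper().rsplit("-", 1)[-1]   # trailing DH group
        if group in WEAK_DH:
            findings.append("weak DH group offered: " + group)
    return findings

if __name__ == "__main__":
    for name, opts in parse_conns(SAMPLE_CONF).items():
        for finding in lint_conn(opts):
            print(name + ": " + finding)
```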