[Openswan Users] Simple Help

Jae Chang jc-openswan at jline.com
Tue Nov 6 17:24:59 EST 2007


I am having a vexing problem, trying to move a tunnel from one gateway 
to another. Any help with fresh eyes, will be greatly appreciated.

I just want to verify that this type of configuration is okay:

conn xxx
       <deleted lines>
        right=206.113.192.186
        rightsubnet=206.113.192.128/25

Basically, is it okay to specify the right ipaddress, which is part of 
the rightsubnet? This is the main thing i see as being a possible 
problem. This configuration worked fine in an old freeswan gateway, but 
moving to openswan is giving me the following in ipsec barf below. it 
never gets past Phase I:

Nov  6 16:22:53 SGATE pluto[24129]: "xxx" #39: max number of 
retransmissions (2) reached STATE_MAIN_I3.  Possible authenticat\
ion failure: no acceptable response to our first encrypted message
Nov  6 16:22:53 SGATE pluto[24129]: "xxx" #39: starting keying attempt 
15 of an unlimited number
Nov  6 16:22:53 SGATE pluto[24129]: "xxx" #41: initiating Main Mode to 
replace #39
Nov  6 16:22:53 SGATE pluto[24129]: "xxx" #41: transition from state 
STATE_MAIN_I1 to state STATE_MAIN_I2
Nov  6 16:22:53 SGATE pluto[24129]: "xxx" #41: STATE_MAIN_I2: sent MI2, 
expecting MR2
Nov  6 16:22:53 SGATE pluto[24129]: "xxx" #41: I did not send a 
certificate because I do not have one.
Nov  6 16:22:53 SGATE pluto[24129]: "xxx" #41: transition from state 
STATE_MAIN_I2 to state STATE_MAIN_I3
Nov  6 16:22:53 SGATE pluto[24129]: "xxx" #41: STATE_MAIN_I3: sent MI3, 
expecting MR3

Help is much appreciated!

Jae



More information about the Users mailing list