[Openswan Users] Phase I completed,but Phase II error
Paul Wouters
paul at xelerance.com
Thu Oct 11 00:27:03 EDT 2007
On Thu, 11 Oct 2007, ??? wrote:
> my client box openswan is 2.4.9 version which runs on arm linux 2.4.19.
>
> the server log is as follows:
> 2007-10-11 09:55:49 system info 00536 IKE<61.30.115.91> Phase 2 msg ID
> <1870a061>: Responded to the peer's first message from user
> <CN=IPSEC,OU=Support,O=Dawningtech,L=Taipei,ST=Taiwan,C=TW>.
> 2007-10-11 09:55:34 system info 00536 IKE<61.30.115.91> Phase 2 msg ID
> <1ec5c04a>: Responded to the peer's first message from user
> <CN=IPSEC,OU=Support,O=Dawningtech,L=Taipei,ST=Taiwan,C=TW>.
> 2007-10-11 09:54:58 system info 00536 IKE<61.30.115.91> Phase 2 msg ID
> <1ec5c04a>: Responded to the peer's first message from user
> <CN=IPSEC,OU=Support,O=Dawningtech,L=Taipei,ST=Taiwan,C=TW>.
> 2007-10-11 09:54:45 system info 00536 IKE<61.30.115.91> Phase 1:
> Completed Main mode negotiations with a <28800>-second lifetime.
> 2007-10-11 09:54:45 system info 00536 IKE<61.30.115.91> Phase 1:
> Completed for user
> <CN=IPSEC,OU=Support,O=Dawningtech,L=Taipei,ST=Taiwan,C=TW>.
I am not sure. What does the openswan end say?
> conn dawn-net
>     authby=rsasig
>     esp=3DES-SHA1
>     left=%defaultroute
>     leftsubnet=192.168.1.0/24
>     leftnexthop=%defaultroute
>     leftcert=/etc/ipsec.d/mycert2.pem
>     leftrsasigkey=%cert
>     right=211.78.84.93
>     rightid="@SSG550.sti.com.tw"
>     rightsubnet=10.2.111.0/24
>     rightnexthop=%defaultroute
>     auto=add
>     pfs=no
It's very unusual to use certificates and specify a rightid= that's not a full DN
while using no leftid= (and thus a DN).
Show the output of: ipsec auto --replace dawn-net ; ipsec auto --up dawn-net
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
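
The ID-type mismatch pointed out in the reply above can be checked mechanically. The script below is an added example, not part of the original message and not Openswan code; it flags rsasig conns whose two ends use different identity types. The function names, the type labels and the trimmed sample config are assumptions made for illustration.

```python
import re

# Constructed sample: a trimmed copy of the conn section quoted in the message above.
SAMPLE_CONF = """\
conn dawn-net
    authby=rsasig
    left=%defaultroute
    leftcert=/etc/ipsec.d/mycert2.pem
    right=211.78.84.93
    rightid="@SSG550.sti.com.tw"
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[0] not in " \t":
            current = None  # some other section, e.g. "config setup"
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def id_kind(opts, side):
    """Classify the IKE identity type configured for one end ("left"/"right")."""
    ident = opts.get(side + "id")
    if ident is None:
        # Per the reply: a cert and no explicit id means the cert's DN; else assume the IP.
        return "dn" if side + "cert" in opts else "ip"
    if ident.startswith("@"):
        return "fqdn"
    return "dn" if "=" in ident else "other"

def lint(text):
    """List (conn, left_kind, right_kind) for rsasig conns with mixed ID types."""
    findings = []
    for name, opts in parse_conns(text).items():
        if opts.get("authby") != "rsasig":
            continue
        kinds = id_kind(opts, "left"), id_kind(opts, "right")
        if kinds[0] != kinds[1]:
            findings.append((name, *kinds))
    return findings
```

Calling lint(SAMPLE_CONF) reports dawn-net as left "dn" against right "fqdn". A finding marks a conn worth reviewing against the peer's configured IDs, not a definite error.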