[Openswan Users] openswan 2.4.9 run on ARM error ?

李正光 xjklee at gmail.com
Thu Sep 27 03:05:08 EDT 2007 

The server log is :
---------------------------------------------------------------------------------------------------------------
2007-09-06 16:20:50   system   info  00536  IKE<**.30.115.**>
Phase 1: Negotiations have failed for user
<CN=IPSEC,OU=Support,O=Dawningtech,L=Taipei,ST=Taiwan,C=TW>.
2007-09-06 16:20:50   system   info  00536  IKE<**.30.115.**>
Phase 1: No private key exists to sign packets.
2007-09-06 16:20:44   system   info  00536  IKE<**.30.115.**>
Phase 1: Responder starts MAIN mode negotiations.
---------------------------------------------------------------------------------------------------------------
the ipsec.conf is the same as I put in the x86 linux environment,

version 2.0 # conforms to second version of ipsec.conf specification

config setup
 # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       klipsdebug=all
       plutodebug=all
 nat_traversal=yes
       interfaces="%defaultroute"

include /etc/ipsec.d/no_oe.conf

conn net-to-net
      authby=rsasig
      compress=yes
      esp=3DES-SHA1-96
      left=%defaultroute
      leftsubnet=192.168.1.0/24
      leftnexthop=%defaultroute
      leftcert=/etc/ipsec.d/mycert2.pem
      leftrsasigkey=%cert
      right=**.**.**.**
      rightid="@SSG550.sti.com.tw"
      rightsubnet=10.2.111.0/24
      rightnexthop=%defaultroute
      auto=add
      pfs=no
--------------------------------------------------------------------------------
Maybe you can give me a hint !

Thanks


2007/9/21, Paul Wouters <paul at xelerance.com>:
>
> On Fri, 21 Sep 2007, ??? wrote:
>
> > I have a client embedded machine which will connect to the remote IPSEC
> > server(juniper's SSG550 machine). The embedded machine is arm based
> machine
> > and its kernel is linux 2.4.19 .
> > I crosscompile openswan 2.4.9 with NAT-T patch/Klips and copy it to the
> > embedded machine.But it always show the error message:
> >
> >
> > pluto[217]: "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> >
> > 108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> >
> > pluto[217]: | modecfg pull: noquirk policy:push not-client
> > pluto[217]: | phase 1 is done, looking for phase 1 to unpend
> > pluto[217]: | next event EVENT_RETRANSMIT in 10 seconds for #1
>
> This doesn't seem to relate to arm vs x86. Are you sure the configuration
> isn't different and that is causing the problem?
>
> Why is the other end not sending the next packet? What is it its log?
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070927/a24fb2b3/attachment.html

More information about the Users mailing list