[Openswan Users] How to make a net-to-net connetion with x.509?

shawnlau net17sharplau at 163.com
Thu Mar 26 05:33:45 EDT 2009 

Hi all ! 

When I try to connect two network with x.509 authentication way, there
always occur an error like below:

 

[root at telips ~]# ipsec auto --up n-n

104 "n-n" #3: STATE_MAIN_I1: initiate

003 "n-n" #3: received Vendor ID payload [Openswan (this version) 2.6.14 ]

003 "n-n" #3: received Vendor ID payload [Dead Peer Detection]

003 "n-n" #3: received Vendor ID payload [RFC 3947] method set to=109 

106 "n-n" #3: STATE_MAIN_I2: sent MI2, expecting MR2

003 "n-n" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT
detected

108 "n-n" #3: STATE_MAIN_I3: sent MI3, expecting MR3

003 "n-n" #3: ignoring informational payload, type INVALID_ID_INFORMATION
msgid=00000000

003 "n-n" #3: received and ignored informational message

 

 

Google for a long time , But still no answer for this. I try to use other
people's ipsec.conf, but the error still appearance.

 

My ipsec.conf like below:

 

On LEFT:

 

config setup

    interfaces=%defaultroute

    nat_traversal=yes

    protostack=netkey

 

conn %default

    authby=rsasig

    compress=yes

    leftrsasigkey=%cert

    rightrsasigkey=%cert

    keyingtries=1

    disablearrivalcheck=no

 

conn n-n

    left=10.255.255.8

    leftsubnet=192.168.100.0/24

    leftcert=left.pem

    right=172.16.255.7

    rightsubnet=192.168.200.0/24

    pfs=yes

auto=add

 

 

 

 

On RIGHT:

 

config setup

    interfaces=%defaultroute

    nat_traversal=yes

    protostack=netkey

 

conn %default

    authby=rsasig

    compress=yes

    leftrsasigkey=%cert

    rightrsasigkey=%cert

    keyingtries=1

    disablearrivalcheck=no

 

conn n-n

    left=10.255.255.8

    leftsubnet=192.168.100.0/24

    leftcert=left.pem

    right=172.16.255.7

    rightsubnet=192.168.200.0/24

    rightcert=right.pem

    pfs=yes

    auto=add

 

 

And I add this line ( : RSA /etc/ipsec.d/private/right.key "passwd") to my
right server's ipsec.secret file, not add this in left server.  

Every pubkey or privatekey are all placed in the correct place.  

But when use command :

[root at right ~]# ipsec auto -up n-n 

on my right serer, the error still that shows like above .

I hope you could tell me the way to solve this problem!

My openswan version is : openswan-2.6.14-1.el5_2.1

Thanks very much!

 

 

Shawn with my best regards!

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090326/59c41528/attachment.html

More information about the Users mailing list