[Openswan Users] Fwd: How to make a net-to-net connection with x.509?
shawnlau
net17sharplau at 163.com
Thu Mar 26 05:46:40 EDT 2009
From: shawnlau [mailto:net17sharplau at 163.com]
Sent: March 26, 2009 17:34
To: 'users at openswan.org'
Subject: How to make a net-to-net connection with x.509?
Hi all!
When I try to connect two networks with X.509 authentication, an error
like the one below always occurs:
[root at telips ~]# ipsec auto --up n-n
104 "n-n" #3: STATE_MAIN_I1: initiate
003 "n-n" #3: received Vendor ID payload [Openswan (this version) 2.6.14 ]
003 "n-n" #3: received Vendor ID payload [Dead Peer Detection]
003 "n-n" #3: received Vendor ID payload [RFC 3947] method set to=109
106 "n-n" #3: STATE_MAIN_I2: sent MI2, expecting MR2
003 "n-n" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
108 "n-n" #3: STATE_MAIN_I3: sent MI3, expecting MR3
003 "n-n" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
003 "n-n" #3: received and ignored informational message
I googled for a long time, but still found no answer for this. I tried to use
other people's ipsec.conf, but the error still appears.
My ipsec.conf is like below:
On LEFT:
config setup
    interfaces=%defaultroute
    nat_traversal=yes
    protostack=netkey
conn %default
    authby=rsasig
    compress=yes
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    keyingtries=1
    disablearrivalcheck=no
conn n-n
    left=10.255.255.8
    leftsubnet=192.168.100.0/24
    leftcert=left.pem
    right=172.16.255.7
    rightsubnet=192.168.200.0/24
    pfs=yes
    auto=add
On RIGHT:
config setup
    interfaces=%defaultroute
    nat_traversal=yes
    protostack=netkey
conn %default
    authby=rsasig
    compress=yes
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    keyingtries=1
    disablearrivalcheck=no
conn n-n
    left=10.255.255.8
    leftsubnet=192.168.100.0/24
    leftcert=left.pem
    right=172.16.255.7
    rightsubnet=192.168.200.0/24
    rightcert=right.pem
    pfs=yes
    auto=add
And I added this line ( : RSA /etc/ipsec.d/private/right.key "passwd") to my
right server's ipsec.secret file, but did not add it on the left server.
Every public and private key is placed in the correct place.
But when I use the command:
[root at right ~]# ipsec auto --up n-n
on my right server, the error still shows as above.
I hope you could tell me the way to solve this problem!
My openswan version is : openswan-2.6.14-1.el5_2.1
Thanks very much!
Shawn with my best regards!
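
When a tunnel is defined separately on two gateways, one useful check is whether both ends carry the same "conn" definition. The following is an added example, not part of the original post and not Openswan tooling: it parses the two "conn n-n" blocks quoted above and lists every parameter that differs between them. The function names parse_conns and diff_conn are illustrative.

```python
# Added example: compare the "conn n-n" blocks quoted in the post.
# parse_conns and diff_conn are illustrative names, not part of Openswan.
LEFT_CONF = """\
conn n-n
    left=10.255.255.8
    leftsubnet=192.168.100.0/24
    leftcert=left.pem
    right=172.16.255.7
    rightsubnet=192.168.200.0/24
    pfs=yes
    auto=add
"""
RIGHT_CONF = """\
conn n-n
    left=10.255.255.8
    leftsubnet=192.168.100.0/24
    leftcert=left.pem
    right=172.16.255.7
    rightsubnet=192.168.200.0/24
    rightcert=right.pem
    pfs=yes
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line opens a section
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line: # indented key=value inside a conn
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def diff_conn(a, b):
    """List (key, value_in_a, value_in_b) for every parameter that differs."""
    return [(k, a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)]

if __name__ == "__main__":
    left = parse_conns(LEFT_CONF)["n-n"]
    right = parse_conns(RIGHT_CONF)["n-n"]
    for key, lval, rval in diff_conn(left, right):
        print(f"{key}: LEFT={lval!r} RIGHT={rval!r}")
```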