<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=big5" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19222">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT color=#0000ff size=2 face=Verdana>Sorry,re-sent it.</FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #0000ff 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px"
dir=ltr>
<DIV style="FONT: 10pt 新細明體">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt 新細明體; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=ozai.tien@gmail.com href="mailto:ozai.tien@gmail.com">Ozai</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>To:</B> <A title=users@lists.openswan.org
href="mailto:users@lists.openswan.org">users@lists.openswan.org</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>Sent:</B> Thursday, May 24, 2012 5:44 PM</DIV>
<DIV style="FONT: 10pt 新細明體"><B>Subject:</B> [Openswan Users] netkey openswan
Hardware Acceleration</DIV>
<DIV><BR></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>
<DIV><FONT color=#0000ff size=2 face=Verdana><FONT color=#000000 size=3
face=新細明體>Dear Sirs,<BR><BR>About the openswan with netkey stack,I ever
tried it before.But it's failed.<BR>PC1 can ping to PC2 but PC2 can not ping
to PC1. I do not know what the <BR>procedures I lost.Could someone help me on
this question?thank's.<BR>====================================<BR><My test
environment><BR>PC1----------------GW1(ipsec-tool)------------------GW2(openswan)-------------PC2<BR>192.168.6.1
172.17.21.87
172.17.21.80
192.168.1.100<BR>================================<BR><ipsec.conf
><BR>config
setup<BR> interfaces=%defaultroute<BR> oe=off<BR> protostack=netkey<BR><BR>conn
%default<BR> connaddrfamily=ipv4<BR> keyexchange=ike<BR>
ike=3des-md5;modp1024<BR> phase2alg=3des-md5;modp1024<BR>
auth=esp<BR> type=tunnel<BR> authby=secret<BR>
auto=start<BR><BR>conn sample<BR> left=172.17.21.80<BR>
leftsubnet=192.168.1.0/24<BR> right=172.17.21.87<BR>
rightsubnet=192.168.6.0/24<BR>==============================<BR><ipsec.secrets><BR>172.17.21.80
172.17.21.87 : PSK
"12345"<BR>========================================<BR><Kernel
feature><BR>CONFIG_XFRM=y<BR>CONFIG_XFRM_USER=m<BR>CONFIG_XFRM_MIGRATE=y<BR>CONFIG_NET_KEY=y<BR>CONFIG_NET_KEY_MIGRATE=y<BR>========================================</FONT></FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana><FONT color=#000000 size=3
face=新細明體><log></FONT></FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana><FONT color=#000000 size=3
face=新細明體>Jan 1 00:02:30 daemon err ipsec_setup: Starting Openswan IPsec
U2.6.38/K2.6.30...<BR>Jan 1 00:02:31 daemon err ipsec_setup: Using
NETKEY(XFRM) stack<BR>Jan 1 00:02:33 authpriv err ipsec__plutorun:
Starting Pluto subsystem...<BR>Jan 1 00:02:33 daemon err ipsec_setup:
...Openswan IPsec started<BR>Jan 1 00:02:34 daemon err ipsec__plutorun:
adjusting ipsec.d to /var/ipsec.d<BR>Jan 1 00:02:34 user warn syslog:
adjusting ipsec.d to /var/ipsec.d<BR>Jan 1 00:02:34 authpriv warn
pluto[1568]: LEAK_DETECTIVE support [disabled]<BR>Jan 1 00:02:34
authpriv warn pluto[1568]: OCF support for IKE [disabled]<BR>Jan 1
00:02:34 authpriv warn pluto[1568]: NSS support [disabled]<BR>Jan 1
00:02:34 authpriv warn pluto[1568]: HAVE_STATSD notification support not
compiled in<BR>Jan 1 00:02:34 authpriv warn pluto[1568]: Setting
NAT-Traversal port-4500 floating to off<BR>Jan 1 00:02:34 authpriv warn
pluto[1568]: port floating activation criteria
nat_t=0/port_float=1<BR>Jan 1 00:02:34 authpriv warn
pluto[1568]: NAT-Traversal support
[disabled]<BR>Jan 1 00:02:34 authpriv warn pluto[1568]: using
/dev/urandom as source of random entropy<BR>Jan 1 00:02:34 authpriv warn
pluto[1568]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
(ret=0)<BR>Jan 1 00:02:34 authpriv warn pluto[1568]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)<BR>Jan 1
00:02:34 authpriv warn pluto[1568]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)<BR>Jan 1 00:02:34 authpriv warn pluto[1568]:
starting up 1 cryptographic helpers<BR>Jan 1 00:02:34 authpriv warn
pluto[1583]: using /dev/urandom as source of random entropy<BR>Jan 1
00:02:34 authpriv warn pluto[1568]: started helper pid=1583
(fd:6)<BR>Jan 1 00:02:34 authpriv warn pluto[1568]: Using Linux 2.6
IPsec interface code on 2.6.30 (experimental code)<BR>Jan 1 00:02:36
authpriv warn pluto[1568]: ike_alg_register_enc(): Activating aes_ccm_8: Ok
(ret=0)<BR>Jan 1 00:02:36 authpriv warn pluto[1568]: ike_alg_add():
ERROR: algo_type '0', algo_id '0', Algorithm type already exists<BR>Jan
1 00:02:36 authpriv warn pluto[1568]: ike_alg_register_enc(): Activating
aes_ccm_12: FAILED (ret=-17)<BR>Jan 1 00:02:36 authpriv warn
pluto[1568]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type
already exists<BR>Jan 1 00:02:36 authpriv warn pluto[1568]:
ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)<BR>Jan 1
00:02:36 authpriv warn pluto[1568]: ike_alg_add(): ERROR: algo_type '0',
algo_id '0', Algorithm type already exists<BR>Jan 1 00:02:36 authpriv
warn pluto[1568]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED
(ret=-17)<BR>Jan 1 00:02:36 authpriv warn pluto[1568]: ike_alg_add():
ERROR: algo_type '0', algo_id '0', Algorithm type already exists<BR>Jan
1 00:02:36 authpriv warn pluto[1568]: ike_alg_register_enc(): Activating
aes_gcm_12: FAILED (ret=-17)<BR>Jan 1 00:02:36 authpriv warn
pluto[1568]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type
already exists<BR>Jan 1 00:02:36 authpriv warn pluto[1568]:
ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)<BR>Jan 1
00:02:37 authpriv warn pluto[1568]: Could not change to directory
'/var/ipsec.d/cacerts': No such file or directory<BR>Jan 1 00:02:37
authpriv warn pluto[1568]: Could not change to directory
'/var/ipsec.d/aacerts': No such file or directory<BR>Jan 1 00:02:37
authpriv warn pluto[1568]: Could not change to directory
'/var/ipsec.d/ocspcerts': No such file or directory<BR>Jan 1 00:02:37
authpriv warn pluto[1568]: Could not change to directory '/var/ipsec.d/crls':
2 No such file or directory<BR>Jan 1 00:02:37 authpriv warn pluto[1568]:
added connection description "sample"<BR>Jan 1 00:02:37 daemon err
ipsec__plutorun: 002 added connection description "sample"<BR>Jan 1
00:02:37 authpriv warn pluto[1568]: listening for IKE messages<BR>Jan 1
00:02:37 authpriv warn pluto[1568]: adding interface eth0.1/eth0.1
172.17.21.80:500<BR>Jan 1 00:02:37 authpriv warn pluto[1568]: adding
interface br0/br0 192.168.1.254:500<BR>Jan 1 00:02:37 authpriv warn
pluto[1568]: adding interface lo/lo 127.0.0.1:500<BR>Jan 1 00:02:37
authpriv warn pluto[1568]: adding interface lo/lo ::1:500<BR>Jan 1
00:02:37 authpriv warn pluto[1568]: loading secrets from
"/var/ipsec.secrets"<BR>Jan 1 00:02:38 authpriv warn pluto[1568]:
"sample" #1: initiating Main Mode<BR>Jan 1 00:02:38 daemon err
ipsec__plutorun: 104 "sample" #1: STATE_MAIN_I1: initiate<BR>Jan 1
00:02:38 authpriv warn pluto[1568]: "sample" #1: received Vendor ID payload
[Dead Peer Detection]<BR>Jan 1 00:02:38 authpriv warn pluto[1568]:
"sample" #1: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<BR>Jan 1 00:02:38 authpriv warn pluto[1568]: "sample" #1:
STATE_MAIN_I2: sent MI2, expecting MR2<BR>Jan 1 00:02:39 authpriv warn
pluto[1568]: "sample" #1: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<BR>Jan 1 00:02:39 authpriv warn pluto[1568]: "sample" #1:
STATE_MAIN_I3: sent MI3, expecting MR3<BR>Jan 1 00:02:39 authpriv warn
pluto[1568]: "sample" #1: Main mode peer ID is ID_IPV4_ADDR:
'172.17.21.87'<BR>Jan 1 00:02:39 authpriv warn pluto[1568]: "sample" #1:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4<BR>Jan 1
00:02:39 authpriv warn pluto[1568]: "sample" #1: STATE_MAIN_I4: ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1024}<BR>Jan 1 00:02:39 authpriv warn
pluto[1568]: "sample" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:eef2291d
proposal=3DES(3)_192-MD5(1)_128
pfsgroup=OAKLEY_GROUP_MODP1024}<BR>========================================</FONT></FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana><FONT color=#000000 size=3
face=新細明體><test step><BR>When wan interface up<BR>1.configuration
ipsec.conf<BR>2.configuration ipsec.secrets<BR>3.ipsec setup
start<BR><BR><BR>Best
Regards,<BR>Ozai</FONT><BR></DIV></FONT></FONT></DIV></BLOCKQUOTE></BODY></HTML>