Hello,

I tried to connect 2 networks, both running DCD and IPSEC 1.91. One network is 192.168.3.x and the other is 192.168.9.x. After some effort, I made both IPSEC start up without error.

Now pinging from 192.168.9 to 192.168.3 does not work. When I have a look at /var/log/auth.log, I see messages with a pattern like:

---
Apr 21 07:06:29 router Pluto[1575]: "Bin" #402: starting keying attempt 201 of an unlimited number
Apr 21 07:06:29 router Pluto[1575]: "Bin" #404: initiating Main Mode
Apr 21 07:06:39 router Pluto[1575]: "Bin" #404: discarding duplicate packet; already STATE_MAIN_I3
Apr 21 07:06:43 router Pluto[1575]: "Bin" #405: responding to Main Mode
Apr 21 07:06:43 router Pluto[1575]: "Bin" #403: max number of retransmissions (2) reached STATE_MAIN_R2
Apr 21 07:06:44 router Pluto[1575]: "Bin" #405: no suitable connection for peer '@subnet9.btsoft.net'
Apr 21 07:06:54 router Pluto[1575]: "Bin" #405: no suitable connection for peer '@subnet9.btsoft.net'
Apr 21 07:06:59 router Pluto[1575]: "Bin" #404: discarding duplicate packet; already STATE_MAIN_I3
Apr 21 07:07:14 router Pluto[1575]: "Bin" #405: no suitable connection for peer '@subnet9.btsoft.net'
Apr 21 07:07:39 router Pluto[1575]: "Bin" #404: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
---

What can be the reason? Could there be something wrong with the key? The way I enter the key is:

- I generated the key using "ipsec rsasigkey --verbose 512 > mykey". Then I insert the file mykey into ipsec.secrets between the lines

    : RSA {
        # -- Create your own RSA key with "ipsec rsasigkey"
        #### HERE the file mykey went <<<<-----------------
        }
    # do not change the indenting of that "}"

  Then I copy the part after the line Modulus: 0x5652... and put it in the line leftrsasigkey (similarly for rightrsasigkey with the other key) in ipsec.conf, so e.g. leftrsasigkey=0x5652... Is that OK or not?

- Do I have to use "leftfirewall=yes" or not? From the archive and Charles' example, I do not see that, so I do not use this line.

Thank you.
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user