RE: [Users] Tunnel Fail to Establish !

Wed, 27 Feb 2002 15:35:56 -0800 

Hi,
I link the two GW using a cross-UTP cable !Is there
any problem with this connection ?

I even tried Host to Host setup but failed too....

        eth0        eth1
GW2(PC1)---------------GW1(PC2)
 
GW1 IPSEC.CONF
--------------
config setup
   interface="ipsec0=eth1"
   klipsdebug=none
   plutodebug=none
   plutoload=%search
   plutostart=%search
   uniqueids=yes

conn %default
   keyingtries=0
   disablearrivalcheck=no
   authby=rsasig
   rightrsasigkey=0x0sAQ03...
   leftrsasigkey=0x0sAQN....

conn samplehth
   left=X.227.179.1
   leftnexthop=
   right=X.227.179.10
   rightnexthop=
   auto=add

GW2 IPSEC.CONF
--------------
config setup
   interface="ipsec0=eth0"
   klipsdebug=none
   plutodebug=none
   plutoload=%search
   plutostart=%search
   uniqueids=yes

conn %default
   keyingtries=0
   disablearrivalcheck=no
   authby=rsasig
   leftrsasigkey=0x0sAQ03...
   rightrsasigkey=0x0sAQN....

conn samplehth
   left=X.227.179.10
   leftnexthop=
   right=X.227.179.1
   rightnexthop=
   auto=add

PS: Both host are in the same subnet and they are not
running any firewall script. Both PCs are P1-166
running with at least 48mb ram and RH7.1 (2.4.14) 

When i tried to ipsec auto --up samplehth, it give me
the following result:
104 "samplehth" #1: STATE_MAIN_I1: initiate
106 "samplehth" #1: STATE_MAIN_I2: from STATE_MAIN_I1;
sent MI2, expecting MR2
108 "samplehth" #1: STATE_MAIN_I3: from STATE_MAIN_I2;
sent MI3, expecting MR3
003 "samplehth" #1: discarding duplicate packet;
already STATE_MAIN_I3
010 "samplehth" #1: STATE_MAIN_I3: retransmission;
will wait 20s for response
.......
(This continue on and on !)

Can someone please help me !Or if anyone encountered
this before, how do you manage to solve it !

The public key for the leftrsasigkey and
rightrsasigkey are copied from the pubkey lines in
ipsec.secret !If manual key is used, can the problem
be solved !It will be better if someone can attach
some example or give me more URL on the configuration
!Thank a lot !

Cheers !

--- Glen S Mehn <[EMAIL PROTECTED]> wrote:
> It looks like you're using the same subnet on both
> sides, is that correct?
> Or is GW2 simply a host?
> 
> What kind of authentication are you using? PSK? rsa
> keys? x.509 certs?? I
> don't see any authby= in your ipsec.conf.
> 
> glen
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Greetings - Send FREE e-cards for every occasion!
http://greetings.yahoo.com

Reply via email to