Hello Vincent, it seems that the other end is not reachable on IKE UDP port 500. If you didn't start iptables then this port shouldn't be blocked. I rather suspect that the IKE daemon on the other end is either not running or not configured for the same IKE version (IKEv1 versus IKEv2).
Regards Andreas On 11.01.2011 02:49, wenrongbupt wrote: > Hi all, > > I configure the ipsec.conf according this url:http://www.strongswan.org > /uml/testresults/ikev2/host2host-cert/. > But everytime I run ipsec up host-host,the output is the packet > retransmit five times,then said establishing IKE_SA failed,peer not > response. > > I guess that the reason is I didn't configure iptables and didn't run > /etc/init.d/iptables.I hadn't found the iptables in the dir /etc/init.d. > I use ubuntu 9.04. > > I want to know how to configure iptables(the result same as > http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/moon.iptables > ) and the purpose of /etc/init.d/iptables? > > Thank you very much for your reply. > > Best Regards > vincent > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
