Discussion :

[irnatene]

salam alikum!
slt ! j'ai installé openswan sous mandriva 2006 j'ai suivi les etapes de configuration a la lettre puis arrivé a "start your connection" lors ce que je tape ipsec auto --net-to-net le message suivant m'apparait : 021 no connection named "net-to-net"
si quelqun pourrait m'aider.....
merci! et boncourage...........

[irnatene]

et en suite j'ai les message suivants que je ne comprend pas bcp biensur....si quelqun pourrait m'orienter.....:

[root@passerelleA irnatene]# ipsec auto --up net-to-net
104 "net-to-net" #1: STATE_MAIN_I1: initiate
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.4.6 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set to=110
106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "net-to-net" #1: NAT-Traversal: Result using 3: no NAT detected
108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "net-to-net" #1: Signature check (on @localhost) failed (wrong key?); tried *AQNGqO5Eh
217 "net-to-net" #1: STATE_MAIN_I3: INVALID_KEY_INFORMATION
[root@passerelleA irnatene]# service ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec 2.4.6...
ipsec_setup: insmod /lib/modules/2.6.12-12mdk/kernel/net/key/af_key.ko.gz
ipsec_setup: insmod /lib/modules/2.6.12-12mdk/kernel/net/ipv4/xfrm4_tunnel.ko.gz
ipsec_setup: insmod /lib/modules/2.6.12-12mdk/kernel/net/xfrm/xfrm_user.ko.gz

[irnatene]

et de l'autre coté de la deuxieme passerelle, le message suivant apparait:

104 "net-to-net" #1: STATE_MAIN_I1: initiate
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.4.6 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set to=110
106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "net-to-net" #1: NAT-Traversal: Result using 3: no NAT detected
108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "net-to-net" #1: ignoring informational payload, type INVALID_KEY_INFORMATION
003 "net-to-net" #1: received and ignored informational message
010 "net-to-net" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "net-to-net" #1: discarding duplicate packet; already STATE_MAIN_I3
003 "net-to-net" #1: ignoring informational payload, type INVALID_KEY_INFORMATION
003 "net-to-net" #1: received and ignored informational message
003 "net-to-net" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "net-to-net" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "net-to-net" #1: ignoring informational payload, type INVALID_KEY_INFORMATION
003 "net-to-net" #1: received and ignored informational message
031 "net-to-net" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "net-to-net" #1: starting keying attempt 2 of an unlimited number, but releasing whack

[irnatene]

je suis bloqué deuis presque troi semaines s'ils vous plait aidez moi ne serai ce que par un petite idee...merci

[irnatene]

c'etait le probleme de configuration du fichier ipsec.conf! j'ai inversé les clé RSA...et ca marche!! normalement!!!!
car lorsque je fais

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

ipsec eroute

le resultat suivant apparait:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

/usr/local/libexec/ipsec/eroute: NETKEY does not support eroute table.

si vous pouvez m'eclairer un peu ! je vous remercie d'avance...