linux freeswan2.06 conn to d-link di-804hv problem?
i am setup ipsec to linux 9.0
setup freeswan to linux 9.0
linux 9.0:
IP address:10.167.29.161
[root@lulifeng root]# rpm -qa|grep frees
freeswan-userland-2.06_2.4.20_8-0
freeswan-module-2.06_2.4.20_8-0
[root@lulifeng root]# uname -a
Linux lulifeng 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux
right:
d-link di-804hv vpn route
vi /etc/ipsec.conf
version 2.0
config setup
interfaces="ipsec0=eth0"
klipsdebug=all
plutodebug=all
conn dlink
left=10.167.29.161
right=10.167.29.163
keyexchange=ike
ikelifetime=330m
keylife=330m
pfs=yes
compress=no
authby=secret
auto=add
vi /etc/ipsec.secrets
10.167.29.161 10.167.29.163 : PSK "1234567890"
linux 9.0 log :
[root@lulifeng etc]# service ipsec stop
ipsec_setup: Stopping FreeS/WAN IPsec...
[root@lulifeng etc]# service ipsec start
ipsec_setup: Starting FreeS/WAN IPsec 2.06...
ipsec_setup: Using /lib/modules/2.4.20-8/kernel/net/ipsec/ipsec.o
[root@lulifeng etc]# ipsec auto --status
000 interface ipsec0/eth0 10.167.29.161
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore
000
000 "dlink": 10.167.29.161...10.167.29.163; unrouted; eroute owner: #0
000 "dlink": ike_life: 19800s; ipsec_life: 19800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "dlink": policy: PSK+ENCRYPT+PFS; prio: 32,32; interface: eth0;
000 "dlink": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000
[root@lulifeng etc]# ipsec look
lulifeng Sat Dec 10 20:35:01 HKT 2005
ipsec0->eth0 mtu=16260(1500)->1500
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.167.28.1 0.0.0.0 UG 0 0 0 eth0
10.167.28.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
10.167.28.0 0.0.0.0 255.255.254.0 U 0 0 0 ipsec0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
[root@lulifeng etc]# ipsec auto --up dlink
104 "dlink" #1: STATE_MAIN_I1: initiate
003 "dlink" #1: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_KE)
003 "dlink" #1: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_KE)
003 "dlink" #1: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_KE)
031 "dlink" #1: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
000 "dlink" #1: starting keying attempt 2 of an unlimited number, but releasing whack
d-link log:
WAN Type: Static IP Address (V1.41)
Display time: Wednesday December 14, 2005 11:19:27
Wednesday December 14, 2005 11:18:15 Try to match with ENC:3DES AUTH:PSK HASH:MD5 Group:Group5
Wednesday December 14, 2005 10:54:26 Send IKE M2(RESP) : 10.167.29.163 --> 10.167.29.161
Wednesday December 14, 2005 10:54:31 IKED re-TX : RESP
Wednesday December 14, 2005 10:54:36 IKED re-TX : RESP
Wednesday December 14, 2005 10:54:46 IKED re-TX : RESP
Wednesday December 14, 2005 10:54:56 IKED re-TX : RESP
Wednesday December 14, 2005 10:55:06 receiving a re-Tx MM msg, response the last msg
Wednesday December 14, 2005 10:55:06 IKED re-TX : MM
Wednesday December 14, 2005 10:55:06 Send IKE (INFO) : delete 10.167.29.163 -> 10.167.29.161 phase 1
Wednesday December 14, 2005 10:55:06 IKE phase1 (ISAKMP SA) remove : 10.167.29.163 <-> 10.167.29.161
Wednesday December 14, 2005 10:55:46 Receive IKE M1(INIT) : 10.167.29.161 --> 10.167.29.163
Wednesday December 14, 2005 10:55:46 Try to match with ENC:3DES AUTH:PSK HASH:MD5 Group:Group5
Wednesday December 14, 2005 10:55:46 Try to match with ENC:3DES AUTH:PSK HASH:SHA1 Group:Group5
Wednesday December 14, 2005 10:55:46 Try to match with ENC:3DES AUTH:PSK HASH:SHA1 Group:Group2
Wednesday December 14, 2005 10:55:46 Send IKE M2(RESP) : 10.167.29.163 --> 10.167.29.161
Wednesday December 14, 2005 10:55:51 IKED re-TX : RESP
Wednesday December 14, 2005 10:55:56 IKED re-TX : RESP
Wednesday December 14, 2005 10:56:06 IKED re-TX : RESP
Wednesday December 14, 2005 10:56:16 IKED re-TX : RESP
Wednesday December 14, 2005 10:56:26 receiving a re-Tx MM msg, response the last msg
help me this problem!
thanks
my e-mail:myfreeke@gmail.com
|