我的操作系统是RHEL6.2-64位的,用的是yum直接安装的openswan
下面是建立隧道的时候报的错:
[root@localhost ~]# ipsec auto --up net-to-net
104 "net-to-net" #38: STATE_MAIN_I1: initiate
003 "net-to-net" #38: received Vendor ID payload [Openswan (this version) 2.6.32 ]
003 "net-to-net" #38: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #38: received Vendor ID payload [RFC 3947] method set to=109
106 "net-to-net" #38: STATE_MAIN_I2: sent MI2, expecting MR2
003 "net-to-net" #38: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
003 "net-to-net" #38: Can't find the private key from the NSS CERT (err -12285)
108 "net-to-net" #38: STATE_MAIN_I3: sent MI3, expecting MR3
003 "net-to-net" #38: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "net-to-net" #38: received and ignored informational message
010 "net-to-net" #38: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "net-to-net" #38: discarding duplicate packet; already STATE_MAIN_I3
003 "net-to-net" #38: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "net-to-net" #38: received and ignored informational message
010 "net-to-net" #38: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "net-to-net" #38: discarding duplicate packet; already STATE_MAIN_I3
003 "net-to-net" #38: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "net-to-net" #38: received and ignored informational message
031 "net-to-net" #38: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "net-to-net" #38: starting keying attempt 2 of an unlimited number, but releasing whack
104 "net-to-net" #38: STATE_MAIN_I1: initiate
003 "net-to-net" #38: received Vendor ID payload [Openswan (this version) 2.6.32 ]
003 "net-to-net" #38: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #38: received Vendor ID payload [RFC 3947] method set to=109
106 "net-to-net" #38: STATE_MAIN_I2: sent MI2, expecting MR2
003 "net-to-net" #38: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
003 "net-to-net" #38: Can't find the private key from the NSS CERT (err -12285)
108 "net-to-net" #38: STATE_MAIN_I3: sent MI3, expecting MR3
003 "net-to-net" #38: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "net-to-net" #38: received and ignored informational message
010 "net-to-net" #38: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "net-to-net" #38: discarding duplicate packet; already STATE_MAIN_I3
003 "net-to-net" #38: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "net-to-net" #38: received and ignored informational message
010 "net-to-net" #38: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "net-to-net" #38: discarding duplicate packet; already STATE_MAIN_I3
003 "net-to-net" #38: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "net-to-net" #38: received and ignored informational message
031 "net-to-net" #38: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "net-to-net" #38: starting keying attempt 2 of an unlimited number, but releasing whack
我把我的配置文件也粘过来
cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
virtual_private=
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
virtual_private=
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf
#include /etc/ipsec.d/*.conf
conn net-to-net
left=192.168.0.20 # LServer外网IP地址
leftsubnet=192.168.10.0/24 # LServer内网IP段
leftid=@LServer.gaojinbo.com # LServer的标识
leftrsasigkey=0sAQPCqw17+SydtoQgrA25BCfWzlZlyOmZ677fUQem43yd8W4N1vOBLClfNWja2jJEzjbZLhkEOJL1oIhcJqhmZDCsLxyd9iRMxnuBiWNRaTRxwL7LGt8FmNDymYPA4PDVyQ/DP9copNHHhZPj8fIJkp/Mp82qk/xqfNLNsrzzjBsvMQLrQEp2Wwn0sONWI9fg8FRNoM96dMobmLlt6vlP7q6hqz34WOw1Vu6ELaTBrbCaFlBK96kl25PpzQYczDwAqjoESM3aGSdfk2tUoVlWGfACQVseZj2FbTFdU4gDZ6L6LRpPEvNh3SkMQ4T4tOK0SzaLwAR5nCoyWbmoKyAyOxKaRbzHkD68TnEcCQ6+0Fc87qkR # LServer的公钥
leftnexthop=%defaultroute # LServer的下一跳指定为默认路由地址
right=192.168.0.21 # RServer外网IP地址
rightsubnet=192.168.20.0/24 # RServer内网IP段
rightid=@RServer.gaojinbo.com # RServer的标识
rightrsasigkey=0sAQOnilJks5MvG2EAJXfDGgZX4m7lDG0Pe0lZXMGSDowwzdpgXJ4Dhd22zKK9RH/3pnyR+gJO55j3UFmXElV9k3rQFt25X9cgw5QTIa7eVrca2ieHvvqugHtCEwD3jciaLJUkH9s8+9kik1+qoxmiSCS/0NMAGdnAVKsyLJvo+diiIhfRAlF7ZOyyKvMGMvwP2xaxYzv+kRcjuDerp/Bw2Wr4+KY1gjZfuSZnLPTAX2O8oNf8/ooRMWS/vxywjMk4hKUBwQ4XD2GTgVe2+KG43FTQx8zXH9c0BD14KUZJ8n6Z+1t4bobt+kK35hujyDdlyizZEme9K1NiRNCz3hizpCdUJ0SckY7xAMC37Y6R0lFDPlin
# Rserver的公钥
rightnexthop=%defaultroute # RServer的下一跳指定为默认路由地址
auto=start # 添加这个链接,启动时自动连接
left=192.168.0.20 # LServer外网IP地址
leftsubnet=192.168.10.0/24 # LServer内网IP段
leftid=@LServer.gaojinbo.com # LServer的标识
leftrsasigkey=0sAQPCqw17+SydtoQgrA25BCfWzlZlyOmZ677fUQem43yd8W4N1vOBLClfNWja2jJEzjbZLhkEOJL1oIhcJqhmZDCsLxyd9iRMxnuBiWNRaTRxwL7LGt8FmNDymYPA4PDVyQ/DP9copNHHhZPj8fIJkp/Mp82qk/xqfNLNsrzzjBsvMQLrQEp2Wwn0sONWI9fg8FRNoM96dMobmLlt6vlP7q6hqz34WOw1Vu6ELaTBrbCaFlBK96kl25PpzQYczDwAqjoESM3aGSdfk2tUoVlWGfACQVseZj2FbTFdU4gDZ6L6LRpPEvNh3SkMQ4T4tOK0SzaLwAR5nCoyWbmoKyAyOxKaRbzHkD68TnEcCQ6+0Fc87qkR # LServer的公钥
leftnexthop=%defaultroute # LServer的下一跳指定为默认路由地址
right=192.168.0.21 # RServer外网IP地址
rightsubnet=192.168.20.0/24 # RServer内网IP段
rightid=@RServer.gaojinbo.com # RServer的标识
rightrsasigkey=0sAQOnilJks5MvG2EAJXfDGgZX4m7lDG0Pe0lZXMGSDowwzdpgXJ4Dhd22zKK9RH/3pnyR+gJO55j3UFmXElV9k3rQFt25X9cgw5QTIa7eVrca2ieHvvqugHtCEwD3jciaLJUkH9s8+9kik1+qoxmiSCS/0NMAGdnAVKsyLJvo+diiIhfRAlF7ZOyyKvMGMvwP2xaxYzv+kRcjuDerp/Bw2Wr4+KY1gjZfuSZnLPTAX2O8oNf8/ooRMWS/vxywjMk4hKUBwQ4XD2GTgVe2+KG43FTQx8zXH9c0BD14KUZJ8n6Z+1t4bobt+kK35hujyDdlyizZEme9K1NiRNCz3hizpCdUJ0SckY7xAMC37Y6R0lFDPlin
# Rserver的公钥
rightnexthop=%defaultroute # RServer的下一跳指定为默认路由地址
auto=start # 添加这个链接,启动时自动连接
