我的操作系统是RHEL6.2-64位的,用的是yum直接安装的openswan
下面是建立隧道的时候报的错:
[root@localhost ~]# ipsec auto --up net-to-net
104 "net-to-net" #38: STATE_MAIN_I1: initiate
003 "net-to-net" #38: received Vendor ID payload [Openswan (this version) 2.6.32 ]
003 "net-to-net" #38: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #38: received Vendor ID payload [RFC 3947] method set to=109
106 "net-to-net" #38: STATE_MAIN_I2: sent MI2, expecting MR2
003 "net-to-net" #38: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
003 "net-to-net" #38: Can't find the private key from the NSS CERT (err -12285)
108 "net-to-net" #38: STATE_MAIN_I3: sent MI3, expecting MR3
003 "net-to-net" #38: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "net-to-net" #38: received and ignored informational message
010 "net-to-net" #38: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "net-to-net" #38: discarding duplicate packet; already STATE_MAIN_I3
003 "net-to-net" #38: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "net-to-net" #38: received and ignored informational message
010 "net-to-net" #38: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "net-to-net" #38: discarding duplicate packet; already STATE_MAIN_I3
003 "net-to-net" #38: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "net-to-net" #38: received and ignored informational message
031 "net-to-net" #38: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
000 "net-to-net" #38: starting keying attempt 2 of an unlimited number, but releasing whack
 
 
 
 
 
 
我把我的配置文件也粘过来
 cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        virtual_private=
        oe=off
        # Enable this if you see "failed to find any available worker"
        # nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf
conn net-to-net
    left=192.168.0.20              # LServer外网IP地址
    leftsubnet=192.168.10.0/24       # LServer内网IP段   
    [email protected]   # LServer的标识
    leftrsasigkey=0sAQPCqw17+SydtoQgrA25BCfWzlZlyOmZ677fUQem43yd8W4N1vOBLClfNWja2jJEzjbZLhkEOJL1oIhcJqhmZDCsLxyd9iRMxnuBiWNRaTRxwL7LGt8FmNDymYPA4PDVyQ/DP9copNHHhZPj8fIJkp/Mp82qk/xqfNLNsrzzjBsvMQLrQEp2Wwn0sONWI9fg8FRNoM96dMobmLlt6vlP7q6hqz34WOw1Vu6ELaTBrbCaFlBK96kl25PpzQYczDwAqjoESM3aGSdfk2tUoVlWGfACQVseZj2FbTFdU4gDZ6L6LRpPEvNh3SkMQ4T4tOK0SzaLwAR5nCoyWbmoKyAyOxKaRbzHkD68TnEcCQ6+0Fc87qkR    # LServer的公钥
    leftnexthop=%defaultroute      # LServer的下一跳指定为默认路由地址
    right=192.168.0.21             # RServer外网IP地址
    rightsubnet=192.168.20.0/24      # RServer内网IP段   
    [email protected]  # RServer的标识
    rightrsasigkey=0sAQOnilJks5MvG2EAJXfDGgZX4m7lDG0Pe0lZXMGSDowwzdpgXJ4Dhd22zKK9RH/3pnyR+gJO55j3UFmXElV9k3rQFt25X9cgw5QTIa7eVrca2ieHvvqugHtCEwD3jciaLJUkH9s8+9kik1+qoxmiSCS/0NMAGdnAVKsyLJvo+diiIhfRAlF7ZOyyKvMGMvwP2xaxYzv+kRcjuDerp/Bw2Wr4+KY1gjZfuSZnLPTAX2O8oNf8/ooRMWS/vxywjMk4hKUBwQ4XD2GTgVe2+KG43FTQx8zXH9c0BD14KUZJ8n6Z+1t4bobt+kK35hujyDdlyizZEme9K1NiRNCz3hizpCdUJ0SckY7xAMC37Y6R0lFDPlin
  # Rserver的公钥
    rightnexthop=%defaultroute     # RServer的下一跳指定为默认路由地址
    auto=start                     # 添加这个链接,启动时自动连接