<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=gb2312"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@宋体";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri","sans-serif";}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:156769527;
mso-list-template-ids:-1235308208;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1470435718;
mso-list-template-ids:196361566;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ZH-CN link="#0563C1" vlink="#954F72" style='text-justify-trim:punctuation'><div class=WordSection1><p class=MsoNormal><span lang=EN-US>HI,super,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>We are prepare use SOPHOS UTM and centos to build a net2net vpn network.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>For test ,we have two UTMs(b.company.cn,c.company.cn)</span><span style='font-family:ËÎÌå'>¡¢</span><span lang=EN-US>one centos(a.company) and one windows <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>We use the windows act as a <span style='background:silver;mso-highlight:silver'>certifying authority</span> , and issue cert for them :<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='background:silver;mso-highlight:silver'>a .company.cn.cer</span><span lang=EN-US> , <span style='background:silver;mso-highlight:silver'>b.company.cn.cer</span> , <span style='background:silver;mso-highlight:silver'>c.company.cn</span> , and export a CA : ca.pfx<o:p></o:p></span></p><p class=MsoNormal align=left style='margin-left:0cm;text-align:left;text-indent:-18.0pt;line-height:18.0pt;mso-list:l1 level1 lfo1;background:#F2F2F2'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>¡¤<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>use openssl convert a/b/c.company.cn.cer to a/b/c.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>we are upload the ca.pfx to b.company.cn and c.company.cn to <span style='background:silver;mso-highlight:silver'>site-to-site VPN ->Certificate management -> certifying authority</span> <o:p></o:p></span></p><p 
class=MsoNormal><span lang=EN-US>upload b.pem to c.company.cn under <span style='background:silver;mso-highlight:silver'>site-to-site VPN -> Certificate management -> Certificate</span><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>upload c.pem to b.company.cn under <span style='background:silver;mso-highlight:silver'>site-to-site VPN -> Certificate management -> Certificate</span><o:p></o:p></span></p><p class=MsoNormal align=left style='margin-left:0cm;text-align:left;text-indent:-18.0pt;line-height:18.0pt;mso-list:l0 level1 lfo2;background:#F2F2F2'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>and set up an IPsec VPN connection. The remote gateway <span style='background:silver;mso-highlight:silver'>authentication type</span> is <span style='background:silver;mso-highlight:silver'>local x509 certificate</span> and the certificate is the PEM certificate: on b.company.cn the certificate is set to c.pem, on c.company.cn the certificate is set to b.pem, and the connection is established.<o:p></o:p></span></p><p class=MsoNormal align=left style='text-align:left;line-height:18.0pt;background:#F2F2F2'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal align=left style='text-align:left;line-height:18.0pt;background:#F2F2F2'><span lang=EN-US>Now we are setting up strongSwan on CentOS.<o:p></o:p></span></p><p class=MsoNormal align=left style='text-align:left;line-height:18.0pt;background:#F2F2F2'><span lang=EN-US>We copied the PEM files and ca.pfx to that computer, but we received an error in log/messages:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.1, Linux 2.6.32-358.el6.x86_64, x86_64)<o:p></o:p></span></p><p 
class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loaded ca certificate "CN=IPSecVPN-CA" from '/usr/local/etc/ipsec.d/cacerts/ca.pem'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loaded ca certificate "CN=IPSecVPN-CA" from '/usr/local/etc/ipsec.d/private/ca.pfx'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loaded RSA private key from 
'/usr/local/etc/ipsec.d/private/ca.pfx'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[CFG] loaded 0 RADIUS server configurations<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-radius eap-peap xauth-generic<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[LIB] unable to load 8 plugin features (8 due to unmet dependencies)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 00[JOB] spawning 16 worker threads<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 05[CFG] received stroke: add ca 'addca'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 05[CFG] loaded ca certificate "CN=IPSecVPN-CA" from 'ca.pem'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 05[CFG] added ca 'addca'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 07[CFG] received stroke: add connection 'net-net'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 
gateway charon: 07[CFG] loaded certificate "C=cn, O=gw-c, CN=gw-c.eco-schulte.cn" from 'gw-c.pem'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 07[CFG] id 'gw-a.eco-schulte.cn' not confirmed by certificate, defaulting to 'C=cn, O=gw-c, CN=gw-c.eco-schulte.cn'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 07[CFG] added configuration 'net-net'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 09[CFG] received stroke: add connection 'xl2tp'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:03 gateway charon: 09[CFG] added configuration 'xl2tp'<o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:15 gateway charon: 11[NET] received packet: from 59.37.27.178[500] to 59.37.27.180[500] (256 bytes)<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:15 gateway charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:15 gateway charon: 11[IKE] no IKE config found for 59.37.27.180...59.37.27.178, sending NO_PROPOSAL_CHOSEN<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:15 gateway charon: 11[ENC] generating INFORMATIONAL_V1 request 3529918923 [ N(NO_PROP) ]<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US 
style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:15 gateway charon: 11[NET] sending packet: from 59.37.27.180[500] to 59.37.27.178[500] (40 bytes)<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:55 gateway charon: 12[NET] received packet: from 59.37.27.178[500] to 59.37.27.180[500] (256 bytes)<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:55 gateway charon: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:55 gateway charon: 12[IKE] no IKE config found for 59.37.27.180...59.37.27.178, sending NO_PROPOSAL_CHOSEN<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:55 gateway charon: 12[ENC] generating INFORMATIONAL_V1 request 3127351181 [ N(NO_PROP) ]<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;background:silver;mso-highlight:silver'>Nov 9 22:16:55 gateway charon: 12[NET] sending packet: from 59.37.27.180[500] to 59.37.27.178[500] (40 bytes)</span></b><b><span lang=EN-US style='font-size:12.0pt'><o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></b></p><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Tahoma","sans-serif";color:#666666'>Where are we going wrong?
Thanks a lot!!</span><span lang=EN-US style='font-size:9.0pt;font-family:"Tahoma","sans-serif";color:black'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Tahoma","sans-serif";color:black'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Tahoma","sans-serif";color:black'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Tahoma","sans-serif";color:black'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Tahoma","sans-serif";color:black'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Tahoma","sans-serif";color:black'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Tahoma","sans-serif";color:black'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:12.0pt;color:black'><o:p> </o:p></span></b></p></div></body></html>