17th September 2009
wesley
Real Name: Wesley
Shell Scout
 
Join Date: Aug 2009
Location: Reunion Island
Posts: 92
ipsec vpn and nat doesn't work

Hello,

I'm back. For over a week I have been breaking my head trying to get the VPN running: it comes up, but there is no traffic, and what is more, I have a problem with phase 2 in ipsec.conf.

To summarize:
My firewall: 10.0.0.113/24; FTP server: 10.0.0.115/24
My network (A) has 10.0.0.0/24; site 2 (B) has the same network.

So we need to implement address translation:
Site A will be 192.168.192.0/24
Site B will be 192.168.191.0/24

IP address for A: 11.11.11.11
IP address for B: 22.22.22.22


I attach my files: ipsec.conf and pf.conf

I have this error in my /var/log/daemon:
Sep 17 11:00:01 sdsl114 newsyslog[5191]: logfile turned over
Sep 17 11:04:18 sdsl114 savecore: no core dump
Sep 17 11:04:19 sdsl114 isakmpd[19476]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.191.0/255.255.255.0, responder id 192.168.192.0/255.255.255.0
Sep 17 11:04:19 sdsl114 isakmpd[19476]: dropped message from 22.22.22.22 port 500 due to notification type INVALID_ID_INFORMATION
Sep 17 11:04:19 sdsl114 ftp-proxy[13321]: listening on 11.11.11.11 port 21

When I type ipsecctl -sa, I get:
FLOWS:
flow esp in from 192.168.191.0/24 to 10.0.0.0/24 peer 22.22.22.22 srcid 11.11.11.11/32 dstid 22.22.22.22/32 type use
flow esp out from 10.0.0.0/24 to 192.168.191.0/24 peer 22.22.22.22 srcid 11.11.11.11/32 dstid 22.22.22.22/32 type require
SAD:
esp tunnel from 11.11.11.11 to 22.22.22.22 spi 0x5f3b4329 auth hmac-sha1 enc aes-256
esp tunnel from 22.22.22.22 to 11.11.11.11 spi 0x60ecca8f auth hmac-sha1 enc aes-256

Can you help me please? Thanks
Attached files: ipsec.conf (203 bytes), pf.conf (979 bytes)
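The isakmpd line quoted in the post shows the peer proposing phase 2 IDs of 192.168.191.0/24 (initiator) and 192.168.192.0/24 (responder), while the flows listed by ipsecctl -sa carry 10.0.0.0/24 on the local side, so the two gateways cannot agree on the phase 2 IDs and the responder answers INVALID_ID_INFORMATION. The following is an added example, not the poster's attached ipsec.conf and pf.conf (which are not on this page), of how site A's two files can be laid out so that the IKE flow is written on the translated network and the real 10.0.0.0/24 addresses never reach isakmpd: pf does a 1:1 netblock translation on the external interface before the packet is handed to IPsec, and the policy lookup then matches the flow on 192.168.192.0/24. The interface names, the pre-shared key and the pf syntax version (OpenBSD 4.7 and later; the pre-4.7 line is given in a comment) are assumptions.

```conf
# /etc/ipsec.conf on site A (gateway 11.11.11.11), added example.
# The flow is written on the translated networks, so the phase 2 IDs
# isakmpd negotiates are 192.168.192.0/24 <-> 192.168.191.0/24, which is
# what the peer proposed in the log; 10.0.0.0/24 never appears here.
# Site B uses the same line with the networks, peer and ids swapped.
# The psk is a placeholder (assumption); use a long random secret.
ike esp from 192.168.192.0/24 to 192.168.191.0/24 \
    peer 22.22.22.22 \
    main auth hmac-sha1 enc aes-256 group modp1024 \
    quick auth hmac-sha1 enc aes-256 \
    srcid 11.11.11.11 dstid 22.22.22.22 \
    psk "replace-with-a-long-random-shared-secret"

# /etc/pf.conf on site A (OpenBSD 4.7 or later syntax; interface names
# are assumptions), added example.
ext_if      = "pppoe0"
int_if      = "em0"
site_a_real = "10.0.0.0/24"
site_a_vpn  = "192.168.192.0/24"
site_b_vpn  = "192.168.191.0/24"
peer_gw     = "22.22.22.22"
local_gw    = "11.11.11.11"

set skip on lo0
block all

# 1:1 netblock translation on the outside interface: a packet heading
# for site B gets its source 10.0.0.N rewritten to 192.168.192.N, and
# replies addressed to 192.168.192.N are mapped back to 10.0.0.N. Host
# bits are kept, so the FTP server 10.0.0.115 is 192.168.192.115 as
# seen from site B. pf rewrites the packet before IPsec processes it,
# so the policy lookup sees 192.168.192.N and selects the flow above.
# Pre-4.7 equivalent of the match line:
#   binat on $ext_if from $site_a_real to $site_b_vpn -> $site_a_vpn
match on $ext_if from $site_a_real to $site_b_vpn binat-to $site_a_vpn
pass out on $ext_if to $site_b_vpn   # matched on destination only

# IKE and ESP between the two gateways.
pass in  on $ext_if proto esp from $peer_gw to $local_gw
pass out on $ext_if proto esp from $local_gw to $peer_gw
pass in  on $ext_if proto udp from $peer_gw to $local_gw port { 500, 4500 }
pass out on $ext_if proto udp from $local_gw to $peer_gw port { 500, 4500 }

# Plaintext entering and leaving the tunnel is seen on enc0 with the
# translated addresses; if-bound states keep those states on enc0.
pass on enc0 from $site_a_vpn to $site_b_vpn keep state (if-bound)
pass on enc0 from $site_b_vpn to $site_a_vpn keep state (if-bound)

# LAN side: the usual policy. The posted pf.conf is not on the page, so
# a permissive rule stands in for it here.
pass on $int_if
```

Check both files before loading them with `ipsecctl -nf /etc/ipsec.conf` and `pfctl -nf /etc/pf.conf`. After `ipsecctl -f /etc/ipsec.conf` and `pfctl -f /etc/pf.conf`, `ipsecctl -sa` should list flows between 192.168.192.0/24 and 192.168.191.0/24 rather than 10.0.0.0/24, `tcpdump -n -i enc0` should show the 192.168.192.x source on packets entering the tunnel (if `tcpdump -n -i $ext_if` instead shows them leaving in clear with a 10.0.0.x source, the translation is not being applied before the policy lookup), and `pfctl -ss | grep 192.168.192` lists the binat states. Site B mirrors the ipsec.conf line with the networks, peer and IDs swapped and translates its own 10.0.0.0/24 to 192.168.191.0/24. One caveat for the FTP server in the post: PASV and PORT replies carry the server's untranslated 10.0.0.115 address inside the control channel, so FTP through the tunnel needs an FTP-aware proxy in addition to the binat.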