Hello again, everyone!
I'm already worn out, nothing works.
Maybe someone can tell me what's what.
The question is specifically how to link racoon and openswan using PSK.
racoon config:

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

sainfo anonymous
{
    pfs_group 2;
    lifetime time 1 hour ;
    encryption_algorithm 3des, blowfish 448, rijndael ;
    authentication_algorithm hmac_sha1, hmac_md5 ;
    compression_algorithm deflate ;
}

log debug2;

remote 192.168.43.8
{
    exchange_mode aggressive, main;
    my_identifier address;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

This config is generated by CentOS 5 when the ipsec interface is brought up. I can't change it, since it sits on a remote machine that I don't administer.
Here is the initial openswan config:

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=
    oe=off
    nhelpers=0

conn test
    type=transport
    authby=secret
    left=192.168.43.8
    right=192.168.43.4
    auto=start
    salifetime=3600s
    auth=esp
    # compress=yes
    # ah=hmac-sha1-96
    # aggrmode=yes
    # ike=3des-sha1
    # keyexchange=ike
    # phase2=esp
    # phase2alg=3des-sha1
    # esp=3des-sha1

Everything that is commented out has been tried.
Right now I'm also trying to link two test machines, and that doesn't work either.
If anyone has experience with this, tell me where to dig.

racoon log:
2011-11-10 16:08:32: DEBUG: peer's single bundle:
2011-11-10 16:08:32: DEBUG: (proto_id=ESP spisize=4 spi=6c72214a spi_p=00000000 encmode=Transport reqid=0:0)
2011-11-10 16:08:32: DEBUG: (trns_id=3DES encklen=0 authtype=hmac-sha)
2011-11-10 16:08:32: DEBUG: my single bundle:
2011-11-10 16:08:32: DEBUG: (proto_id=AH spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0)
2011-11-10 16:08:32: DEBUG: (trns_id=SHA authtype=hmac-sha)
2011-11-10 16:08:32: DEBUG: (trns_id=MD5 authtype=hmac-md5)
2011-11-10 16:08:32: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0)
2011-11-10 16:08:32: DEBUG: (trns_id=3DES encklen=0 authtype=hmac-sha)
2011-11-10 16:08:32: DEBUG: (trns_id=3DES encklen=0 authtype=hmac-md5)
2011-11-10 16:08:32: DEBUG: (trns_id=BLOWFISH encklen=448 authtype=hmac-sha)
2011-11-10 16:08:32: DEBUG: (trns_id=BLOWFISH encklen=448 authtype=hmac-md5)
2011-11-10 16:08:32: DEBUG: (trns_id=AES encklen=128 authtype=hmac-sha)
2011-11-10 16:08:32: DEBUG: (trns_id=AES encklen=128 authtype=hmac-md5)
2011-11-10 16:08:32: ERROR: not matched
2011-11-10 16:08:32: ERROR: no suitable policy found.
2011-11-10 16:08:32: ERROR: failed to pre-process packet.
2011-11-10 16:08:32: DEBUG: compute IV for phase2
2011-11-10 16:08:32: DEBUG: phase1 last IV:
openswan log:
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: initiating Main Mode
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: received Vendor ID payload [Dead Peer Detection]
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.43.4'
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Nov 10 16:18:18 z08 pluto[13994]: "test" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:83ade26e proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Nov 10 16:18:18 z08 pluto[13994]: "test" #1: received and ignored informational message
Nov 10 16:18:21 z08 pluto[13994]: initiate on demand from 192.168.43.8:51990 to 192.168.43.4:1025 proto=17 state: fos_start because: acquire
Nov 10 16:18:21 z08 pluto[13994]: "test" #3: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:4a81340c proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
Nov 10 16:18:21 z08 pluto[13994]: "test" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Nov 10 16:18:21 z08 pluto[13994]: "test" #1: received and ignored informational message
Nov 10 16:18:28 z08 pluto[13994]: "test" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Nov 10 16:18:28 z08 pluto[13994]: "test" #1: received and ignored informational message
Nov 10 16:18:31 z08 pluto[13994]: "test" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Nov 10 16:18:31 z08 pluto[13994]: "test" #1: received and ignored informational message
Thanks in advance, everyone!!!
>[excessive quoting removed]
> Nov 10 16:18:21 z08 pluto[13994]: "test" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
> msgid=00000000
> Nov 10 16:18:21 z08 pluto[13994]: "test" #1: received and ignored informational message
> Nov 10 16:18:28 z08 pluto[13994]: "test" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
> msgid=00000000
> Nov 10 16:18:28 z08 pluto[13994]: "test" #1: received and ignored informational message
> Nov 10 16:18:31 z08 pluto[13994]: "test" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
> msgid=00000000
> Nov 10 16:18:31 z08 pluto[13994]: "test" #1: received and ignored informational message
> Thanks in advance, everyone!!!

It's telling you right there:

> 2011-11-10 16:08:32: ERROR: no suitable policy found

You need a policy to apply ipsec to, e.g.

#!/usr/sbin/setkey -f
#
# Flush SAD and SPD
flush;
spdflush;
# Create policies for racoon
spdadd srcnet dstnet any -P out ipsec
esp/tunnel/extip-extip/require;

and the same one in the reverse direction.
>[excessive quoting removed]
> found; you need a policy to apply ipsec to, e.g.
> #!/usr/sbin/setkey -f
> #
> # Flush SAD and SPD
> flush;
> spdflush;
> # Create policies for racoon
> spdadd srcnet dstnet any -P out ipsec
> esp/tunnel/extip-extip/require;
> and the same one in the reverse direction

http://www.ipsec-howto.org/x304.html - everything is spelled out there.
>[excessive quoting removed]
> found; you need a policy to apply ipsec to, e.g.
> #!/usr/sbin/setkey -f
> #
> # Flush SAD and SPD
> flush;
> spdflush;
> # Create policies for racoon
> spdadd srcnet dstnet any -P out ipsec
> esp/tunnel/extip-extip/require;
> and the same one in the reverse direction

On the racoon side:
setkey -DP
192.168.43.8[any] 192.168.43.4[any] any
in prio def ipsec
esp/transport//require
ah/transport//require
created: Nov 10 15:13:18 2011 lastused: Nov 10 16:08:27 2011
lifetime: 0(s) validtime: 0(s)
spid=1072 seq=10 pid=31067
refcnt=1
192.168.43.4[any] 192.168.43.8[any] any
out prio def ipsec
esp/transport//require
ah/transport//require
created: Nov 10 15:13:18 2011 lastused: Nov 10 15:57:23 2011
lifetime: 0(s) validtime: 0(s)
spid=1065 seq=9 pid=31067
refcnt=1
192.168.43.8[any] 192.168.43.4[any] any
fwd prio def ipsec
esp/transport//require
ah/transport//require
created: Nov 10 15:13:18 2011 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1082 seq=8 pid=31067
refcnt=1

On the openswan side:
ip xfrm state
src 192.168.43.4 dst 192.168.43.8
proto esp spi 0x2098f1e1 reqid 16385 mode transport
replay-window 0
sel src 192.168.43.4/32 dst 192.168.43.8/32
src 192.168.43.4 dst 192.168.43.8
proto esp spi 0x0339517f reqid 16385 mode transport
replay-window 0
sel src 192.168.43.4/32 dst 192.168.43.8/32
src 192.168.43.4 dst 192.168.43.8
proto esp spi 0xd30257d9 reqid 16385 mode transport
replay-window 0
sel src 192.168.43.4/32 dst 192.168.43.8/32
src 192.168.43.4 dst 192.168.43.8
proto esp spi 0xcfbf4feb reqid 16385 mode transport
replay-window 0
sel src 192.168.43.4/32 dst 192.168.43.8/32
src 192.168.43.8 dst 192.168.43.4
proto esp spi 0x00000000 reqid 0 mode transport
replay-window 0
sel src 192.168.43.8/32 dst 192.168.43.4/32 proto udp sport 51552 dport 1025
although on the racoon side
setkey -D
No SAD entries.

Very strange.
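The mismatch visible in this dump, and in the racoon debug log of the first post, is that racoon's SPD requires both esp and ah in transport mode while openswan proposes ESP only, so racoon's "my single bundle" (AH + ESP) can never be matched by the peer's bundle (ESP). That can be checked mechanically. The script below is an added example and was not posted in the thread: it pulls the AH-requiring entries out of a `setkey -DP` dump, lists which protocols racoon required but the peer did not offer from the "single bundle" debug lines, and writes an ESP-only transport-mode policy for the two hosts in `setkey -f` syntax (the transport-mode counterpart of the tunnel policy sketched in the reply above). The sample dumps are copied from the posts rather than taken from a live system, the host addresses are the thread's, and the output path is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose the ESP-vs-ESP+AH policy mismatch
# shown in the dumps above and generate the ESP-only SPD that an ESP-only
# openswan proposal can satisfy. Assumptions: racoon host 192.168.43.4 and
# openswan host 192.168.43.8 as in the thread; the sample dumps are copied from
# the posts, not taken live; the output file path is arbitrary.

# --- constructed sample: the 'setkey -DP' output posted above ----------------
SPD_DUMP=$(cat <<'EOF'
192.168.43.8[any] 192.168.43.4[any] any
    in prio def ipsec
    esp/transport//require
    ah/transport//require
192.168.43.4[any] 192.168.43.8[any] any
    out prio def ipsec
    esp/transport//require
    ah/transport//require
192.168.43.8[any] 192.168.43.4[any] any
    fwd prio def ipsec
    esp/transport//require
    ah/transport//require
EOF
)

# --- constructed sample: the racoon debug2 lines posted in the first post ----
RACOON_LOG=$(cat <<'EOF'
DEBUG: peer's single bundle:
DEBUG: (proto_id=ESP spisize=4 spi=6c72214a spi_p=00000000 encmode=Transport reqid=0:0)
DEBUG: my single bundle:
DEBUG: (proto_id=AH spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0)
DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0)
ERROR: not matched
EOF
)

# Print "<dir> <src> <dst>" for every SPD entry whose policy requires AH.
# racoon derives its phase-2 bundle from the policy, so an entry requiring
# both esp and ah is only satisfiable by a peer that proposes both.
spd_entries_requiring_ah() {
    printf '%s\n' "$1" | awk '
        /^[0-9]/ { src = $1; dst = $2; sub(/\[.*\]/, "", src); sub(/\[.*\]/, "", dst) }
        /^[ \t]*(in|out|fwd) / { dir = $1 }
        /ah\/.*\/require/ { printf "%s %s %s\n", dir, src, dst }
    '
}

count_ah_policies() {
    spd_entries_requiring_ah "$1" | wc -l | tr -d ' '
}

# From racoon debug2 output, list the protocols in each side's phase-2 bundle,
# one line per side: "peer ESP" and "mine AH ESP" for the log above.
bundle_protocols() {
    printf '%s\n' "$1" | awk '
        /peer.s single bundle/ { side = "peer"; next }
        /my single bundle/     { side = "mine"; next }
        match($0, /proto_id=[A-Z]+/) {
            proto = substr($0, RSTART + 9, RLENGTH - 9)
            if (!((side, proto) in seen)) {
                seen[side, proto] = 1
                protos[side] = protos[side] " " proto
            }
        }
        END { print "peer" protos["peer"]; print "mine" protos["mine"] }
    '
}

# Protocols racoon requires but the peer did not offer: the cause of "not matched".
missing_from_peer() {
    bundle_protocols "$1" | awk '
        $1 == "peer" { for (i = 2; i <= NF; i++) peer[$i] = 1 }
        $1 == "mine" { for (i = 2; i <= NF; i++) if (!($i in peer)) out = out (out == "" ? "" : " ") $i }
        END { print out }
    '
}

# Write an ESP-only transport-mode SPD for hosts $1 (local) and $2 (peer) to file $3,
# to be loaded with "setkey -f FILE". This is the policy shape an ESP-only openswan
# proposal satisfies; the thread's fix (AH_PROTO=none in ifcfg-ipsec) ends up with
# the same shape on the CentOS side.
write_esp_only_policy() {
    cat > "$3" <<EOF
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd $1 $2 any -P out ipsec esp/transport//require;
spdadd $2 $1 any -P in  ipsec esp/transport//require;
EOF
}

echo "SPD entries that require AH:"
spd_entries_requiring_ah "$SPD_DUMP"
echo "required by racoon but not offered by the peer: $(missing_from_peer "$RACOON_LOG")"
# hypothetical output path; review the file, then load it with: setkey -f FILE
write_esp_only_policy 192.168.43.4 192.168.43.8 "${TMPDIR:-/tmp}/esp-only.setkey"
```

Run it as-is to see the three AH-requiring entries and the protocol racoon wants that openswan never offers (AH); the generated file is the ESP-only equivalent of the posted policy and is only useful on the racoon host, loaded with `setkey -f`, or as a reference for what the CentOS ifcfg-ipsec change in the last post produces.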
> although on the racoon side
> setkey -D
> No SAD entries.
> very strange

I restarted racoon:
setkey -D
192.168.43.4 192.168.43.8
esp mode=transport spi=0(0x00000000) reqid=0(0x00000000)
seq=0x00000000 replay=0 flags=0x00000000 state=larval
created: Nov 14 12:22:39 2011 current: Nov 14 12:22:57 2011
diff: 18(s) hard: 30(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=2 pid=31181 refcnt=0
192.168.43.8 192.168.43.4
ah mode=transport spi=184246672(0x0afb6190) reqid=0(0x00000000)
seq=0x00000000 replay=0 flags=0x00000000 state=larval
created: Nov 14 12:22:46 2011 current: Nov 14 12:22:57 2011
diff: 11(s) hard: 30(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=31181 refcnt=0
192.168.43.8 192.168.43.4
esp mode=transport spi=86217178(0x052391da) reqid=0(0x00000000)
seq=0x00000000 replay=0 flags=0x00000000 state=larval
created: Nov 14 12:22:46 2011 current: Nov 14 12:22:57 2011
diff: 11(s) hard: 30(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=31181 refcnt=0
setkey -DP
192.168.43.8[any] 192.168.43.4[any] any
in prio def ipsec
esp/transport//require
ah/transport//require
created: Nov 14 12:22:39 2011 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1992 seq=10 pid=31183
refcnt=1
192.168.43.4[any] 192.168.43.8[any] any
out prio def ipsec
esp/transport//require
ah/transport//require
created: Nov 14 12:22:39 2011 lastused: Nov 14 12:23:43 2011
lifetime: 0(s) validtime: 0(s)
spid=1985 seq=9 pid=31183
refcnt=3
192.168.43.8[any] 192.168.43.4[any] any
fwd prio def ipsec
esp/transport//require
ah/transport//require
created: Nov 14 12:22:39 2011 lastused:
lifetime: 0(s) validtime: 0(s)
spid=2002 seq=8 pid=31183
refcnt=1
Found it on another forum, so in the end I'm answering my own question.

Although I can't edit anything on the racoon side, I managed to persuade them to add the line AH_PROTO=none to the config file /etc/sysconfig/network-scripts/ifcfg-ipsec.
By the way, yes, the system is CentOS.
After that the connection between racoon and openswan came up and works. Of course I understand this is a quick-and-dirty solution and it really ought to be set up properly, but for now even this encryption suits me; it's better than nothing.