After retrying several times, it now seems that the two VPN gateways can begin the IKE_SA_INIT exchange but fail in the IKE_AUTH exchange. Because when PC ping, it failed((<======>sg164----( is the syslog info:

Feb 22 21:12:15 SG164 iked: [PROTO_ERR]: crypto_openssl.c:351:cb_check_cert(): unable to get local issuer certificate(20) at depth:0 SubjectName:/C=CN/ST=JS/L=SZ/O=SUDA/OU=CSTS/CN=DCY/emailAddress=210
Feb 22 21:12:15 SG164 iked: [INTERNAL_ERR]: crypto_openssl.c:304:eay_check_x509cert():
Feb 22 21:12:15 SG164 iked: [INTERNAL_ERR]: ike_conf.c:399:ikev2_public_key(): failed verifying certificate authrotiy of cert (/usr/local/racoon2/etc/cert/sg158_cert.pem)
Feb 22 21:12:15 SG164 iked: [PROTO_ERR]: ike_conf.c:446:ikev2_public_key(): no matching public key
Feb 22 21:12:15 SG164 iked: [INTERNAL_ERR]: ikev2_auth.c:437:ikev2_auth_verify(): 4:[500] -[500]:(nil):failed to get public key
Feb 22 21:12:15 SG164 iked: [PROTO_ERR]: ikev2.c:2052:responder_ike_sa_auth_recv(): 4:[500] -[500]:0x85f0718:authentication failure
Feb 22 21:12:15 SG164 iked: [INFO]: ike_sa.c:229:ikev2_abort(): 4:[500] -59[500]:(nil):aborting ike_sa

The /usr/local/racoon2/etc/cert/ directory of the PC includes:
3ff121bd.0 ------ The result of typing "ln -s cacert.pem `openssl x509 -noout -hash -in cacert.pem`.0" (What does it mean, and why do that?)
cacert.pem ------ The CA certificate
sg158_cert.pem ------ The peer's certificate
sg164_cert.pem  sg164_key.pem ------ My certificate and private key

Is there anything wrong with the configuration of cert/? Could anyone who has successfully configured racoon2 give me some help and/or advice?
Thanks in advance.


Du Chun-yan
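
The script below is an added example, not part of the original post and not racoon2 code: it shows what the `<hash>.0` symlink is for by reproducing OpenSSL's error 20 ("unable to get local issuer certificate") against a CA directory without the link and then verifying successfully once the link exists. The CA, keys and subject names are constructed for the demo, and it assumes iked looks up the issuer in cert/ the way `openssl verify -CApath` does.

```sh
#!/bin/sh
# Constructed demo: a throwaway CA and peer certificate. File names mirror the
# post; the keys and subject names are made up for illustration.

# make_demo_pki DIR: create cacert.pem and a sg158_cert.pem signed by it.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sg158" \
        -keyout "$1/sg158_key.pem" -out "$1/sg158.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/sg158.csr" -days 2 -CA "$1/cacert.pem" \
        -CAkey "$1/cakey.pem" -CAcreateserial -out "$1/sg158_cert.pem" 2>/dev/null
}

# link_ca DIR CAFILE: add the <subject-hash>.0 symlink that a CApath-style
# lookup uses to find the issuer (same effect as the ln -s line in the post).
link_ca() {
    ( cd "$1" && ln -sf "$2" "$(openssl x509 -noout -hash -in "$2").0" )
}

# check_cert DIR CERT: verify CERT using DIR as the hashed CA directory.
# The result is read from the text output; the exit status is not relied on.
check_cert() {
    openssl verify -CApath "$1" "$2" 2>&1 || true
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
echo "--- before hash link ---"
check_cert "$demo_dir" "$demo_dir/sg158_cert.pem"
link_ca "$demo_dir" cacert.pem
echo "--- after hash link ---"
check_cert "$demo_dir" "$demo_dir/sg158_cert.pem"
rm -rf "$demo_dir"
```

The subject-hash algorithm changed in OpenSSL 1.0.0 (the earlier value is still available as `-subject_hash_old`), so a link created with one OpenSSL version may not be found by a program linked against another.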