VPN configuration question

Plan to build VPN between machines A and B (RH9, FreeSwan 2.04).
Both A and B are end machines, there is no network behind them.
The physical layout is A-----Gateway-----B
Use manual Keying scheme. Both /etc/ipsec.secrets are
130.91.48.158 130.91.50.162 : PSK "0xMySecretKey"
Both /etc/ipsec.conf (with slight change, of course):

config setup
interfaces="ipsec0=eth0"
klipsdebug=all
plutodebug=all

conn A-B
left=130.91.48.158
leftsubnet=192.168.9.0/24
leftnexthop=130.91.48.1 # Building gateway
leftid=130.91.48.158
right=130.91.50.179
rightsubnet=192.168.0.0/24
rightnexthop=130.91.48.1 # Building gateway
rightid=130.91.50.179
keyingtries=0
spi=0x1111
esp=3des-md5-96
espenckey=0xMySecretKey
espauthkey=0xAnotherSecretKey
I run
$ service ipsec start
$ ipsec manual --up A-B
The system doesn't return any error. However, VPN is not up. I've spent
hours playing with the configuration file, but haven't made an progress.
Do I have to set up a reverse DNS RR in order to make it work? Any guru
can help spot problems? I hope to get it to work at least during the
upcoming Thanksgiving holidays.

Thanks all.
Donald Li
Dept. of Physics
Univ. of Penn


Below is from /var/log/secure on one machine:

Nov 25 15:40:32 nscp32 ipsec__plutorun: Starting Pluto subsystem...
Nov 25 15:40:32 nscp32 pluto[4387]: Starting Pluto (FreeS/WAN Version 2.04
PLUTO_USES_KEYRR)
Nov 25 15:40:32 nscp32 pluto[4387]: Using KLIPS IPsec interface code
Nov 25 15:40:32 nscp32 pluto[4387]: added connection description
"packetdefault"
Nov 25 15:40:33 nscp32 pluto[4387]: added connection description "block"
Nov 25 15:40:33 nscp32 pluto[4387]: added connection description
"clear-or-private"
Nov 25 15:40:33 nscp32 pluto[4387]: added connection description "clear"
Nov 25 15:40:33 nscp32 pluto[4387]: added connection description
"private-or-clear"
Nov 25 15:40:33 nscp32 pluto[4387]: added connection description "private"
Nov 25 15:40:33 nscp32 pluto[4387]: listening for IKE messages
Nov 25 15:40:33 nscp32 pluto[4387]: adding interface ipsec0/eth0 130.91.48.158
Nov 25 15:40:33 nscp32 pluto[4387]: loading secrets from "/etc/ipsec.secrets"
Nov 25 15:40:33 nscp32 pluto[4387]: loading group
"/etc/ipsec.d/policies/private"
Nov 25 15:40:33 nscp32 pluto[4387]: loading group
"/etc/ipsec.d/policies/private-or-clear"
Nov 25 15:40:33 nscp32 pluto[4387]: loading group
"/etc/ipsec.d/policies/clear"
Nov 25 15:40:33 nscp32 pluto[4387]: loading group
"/etc/ipsec.d/policies/clear-or-private"
Nov 25 15:40:33 nscp32 pluto[4387]: loading group
"/etc/ipsec.d/policies/block"
Nov 25 15:40:55 nscp32 pluto[4387]: can not use our IP (130.91.48.158:TXT) as
identity: we don't know our own RSA key
Nov 25 15:41:00 nscp32 pluto[4387]: can not use our hostname
(@nscp32.physics.upenn.edu:TXT) as identity: we don't know our own RSA key
Nov 25 15:41:00 nscp32 pluto[4387]: can not use our IP (130.91.48.158:KEY) as
identity: we don't know our own RSA key


Donald Li