Ri - Hello,<br><br>Cancel all my problem. I explain my situation: i would configure an server with openswan that client that have windows xp , windows mobile, linux connect it and mac tiger. Now work all, my error are of creation of certificate.<br>
<br>I have a last problem (I hope), the connection beetwen macOS Tiger with my debian openswan server. I have read a question that are in your site for this case i have added at my openssl.cnf this line:<br><br>extendedKeyUsage=1.3.6.1.5.5.8.2.2,serverAuth<br>
subjectAltName=IP:<a href="http://172.31.1.192">172.31.1.192</a><br><br>but don't work the error is this:<br><br>Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] <a href="http://172.31.1.22">172.31.1.22</a> #3: responding to Main Mode from unknown peer <a href="http://172.31.1.22">172.31.1.22</a><br>
Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] <a href="http://172.31.1.22">172.31.1.22</a> #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] <a href="http://172.31.1.22">172.31.1.22</a> #3: STATE_MAIN_R1: sent MR1, expecting MI2<br>
Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] <a href="http://172.31.1.22">172.31.1.22</a> #3: ignoring Vendor ID payload [KAME/racoon]<br>Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] <a href="http://172.31.1.22">172.31.1.22</a> #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] <a href="http://172.31.1.22">172.31.1.22</a> #3: STATE_MAIN_R2: sent MR2, expecting MI3<br>Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[1] <a href="http://172.31.1.22">172.31.1.22</a> #3: Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Italia, O=bla, OU=bla, CN=bla, E=<a href="mailto:bla@bla.it">bla@bla.it</a>'<br>
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[1] <a href="http://172.31.1.22">172.31.1.22</a> #3: switched from "roadwarriormac2" to "roadwarriormac2"<br>Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] <a href="http://172.31.1.22">172.31.1.22</a> #3: deleting connection "roadwarriormac2" instance with peer <a href="http://172.31.1.22">172.31.1.22</a> {isakmp=#0/ipsec=#0}<br>
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] <a href="http://172.31.1.22">172.31.1.22</a> #3: I am sending my cert<br>Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] <a href="http://172.31.1.22">172.31.1.22</a> #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] <a href="http://172.31.1.22">172.31.1.22</a> #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<br>
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] <a href="http://172.31.1.22">172.31.1.22</a> #3: ignoring informational payload, type INVALID_CERT_AUTHORITY<br>Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] <a href="http://172.31.1.22">172.31.1.22</a> #3: received and ignored informational message<br>
Feb 28 09:59:12 vpnserver pluto[6867]: "roadwarriormac2"[2] <a href="http://172.31.1.22">172.31.1.22</a> #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3<br>Feb 28 09:59:21 vpnserver pluto[6867]: "roadwarriormac2"[2] <a href="http://172.31.1.22">172.31.1.22</a> #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3<br>
Feb 28 09:59:31 vpnserver pluto[6867]: "roadwarriormac2"[2] <a href="http://172.31.1.22">172.31.1.22</a> #3: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3<br>Feb 28 09:59:51 vpnserver last message repeated 2 times<br>
Feb 28 10:17:01 vpnserver CRON[7038]: (pam_unix) session opened for user root by (uid=0)<br>Feb 28 10:17:01 vpnserver CRON[7038]: (pam_unix) session closed for user root<br><br>Where i Wrong?<br><br>thanks!<br><br><div class="gmail_quote">
On Sun, Feb 24, 2008 at 10:11 AM, Jacco de Leeuw <<a href="mailto:jacco2@dds.nl">jacco2@dds.nl</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Denis Beltramo wrote:<br>
<br>
> Sorry if don't respond immediatly but I have been out of home.<br>
> Now work, my error is wrong pass for cert file.<br>
> But now I have the ultimate problem... windows use the wrong<br>
> certificate.<br>
<br>
</div>What do you mean, it uses the wrong certificate? Is this desktop<br>
Windows or Windows Mobile? If you remove all spurious personal<br>
certificates it should always pick the remaining one.<br>
<br>
And did you also try with a PSK instead of certificates and<br>
without NAT? This is to find out if there is an MTU problem.<br>
<div><div></div><div class="Wj3C7c"><br>
Jacco<br>
--<br>
Jacco de Leeuw mailto:<a href="mailto:jacco2@dds.nl">jacco2@dds.nl</a><br>
Zaandam, The Netherlands <a href="http://www.jacco2.dds.nl" target="_blank">http://www.jacco2.dds.nl</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Denis Beltramo