<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style>
</head>
<body class='hmmessage'>
<br>I am trying to establish a connection between an OepnSWAN 2.6.19 client and a Netgear FVS338 VPN firewall using certificates. I have my CA cert loaded on the Netgear, as well as a self signed certificate generated from a cerficate request on the Netgear. On the OpenSWAN side I have the CA cert loaded, and a corresponding client cert & private key. When I try to establish a connection from OpenSWAN to the Netgear, I get the following: <br><br>sh-2.05b# ipsec whack --initiate --asynchronous --name vpn_tunnel<br>pluto[2513]: "vpn_tunnel" #1: initiating Main Mode<br>002 "vpn_tunnel" #1: initiating Main Mode<br>104 "vpn_tunnel" #1: STATE_MAIN_I1: initiate<br>sh-2.05b# pluto[2513]: "vpn_tunnel" #1: ignoring unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]<br>pluto[2513]: "vpn_tunnel" #1: ignoring Vendor ID payload [KAME/racoon]<br>pluto[2513]: "vpn_tunnel" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>pluto[2513]: "vpn_tunnel" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>pluto[2513]: "vpn_tunnel" #1: ignoring Vendor ID payload [KAME/racoon]<br>pluto[2513]: "vpn_tunnel" #1: I am sending my cert<br>pluto[2513]: "vpn_tunnel" #1: I am sending a certificate request<br>pluto[2513]: "vpn_tunnel" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>pluto[2513]: "vpn_tunnel" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>pluto[2513]: "vpn_tunnel" #1: Main mode peer ID is ID_IPV4_ADDR: '130.168.1.2'<br>pluto[2513]: "vpn_tunnel" #1: no crl from issuer "C=US, ST=Florida, O=Corp, OU=CommGroup, CN=Device" found (strict=no)<br>pluto[2513]: "vpn_tunnel" #1: no RSA public key known for '130.168.1.2'<br>pluto[2513]: "vpn_tunnel" #1: sending encrypted notification INVALID_KEY_INFORMATION to 130.168.1.2:500<br><br><br>I am not sure why I see an error for "no RSA public key". The client cert I have loaded on openSWAN contains a public key. Any help is appreciated! <br><br>marcos<br><br><br /><hr />Windows Live™: Keep your life in sync. <a href='http://windowslive.com/explore?ocid=TXT_TAGLM_BR_life_in_synch_052009' target='_new'>Check it out.</a></body>
</html>