<div dir="ltr">
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: collapse; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 1px; -webkit-border-vertical-spacing: 1px; "><font face="courier new,monospace">Hello everyone!</font><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font><b style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-weight: bold; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; "><font face="courier new,monospace">The problem:</font></b><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font><font face="courier new,monospace">I am stuck on a problem during Site-to-Site IPSec VPN setup between Astaro 8 and a Centos 5.5 box.</font><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font><font face="courier new,monospace">My problem is that I am always failing the signature check and so cannot reach and pass the "STATE_MAIN_I3" phase.</font><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font><b style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-weight: bold; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; "><font face="courier new,monospace">What I have:</font></b><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font><font face="courier new,monospace">Assume that on the "left" side I have a Centos 5.5 with Openswan 2.6.21 using NSS database that should use only RSA authentication mechanism sitting on the 10.170.2.150 IP with subnet mask 255.255.255.0</font><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font><font face="courier new,monospace">On the "right" side there is an Astaro ASG8 that should communicate with a Centos from the right side using Site-to-Site IPSec VPN sitting on 10.170.2.100 IP with the same subnet mask.</font><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font><font face="courier new,monospace"><br style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
</font></span></span><div><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: collapse; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 1px; -webkit-border-vertical-spacing: 1px; "><b style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-weight: bold; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; "><font face="courier new,monospace">Current Setup And Debug Info:</font></b></span></span><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: collapse; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 
1px; -webkit-border-vertical-spacing: 1px; "><b style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-weight: bold; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; "><font face="courier new,monospace"><br>
</font></b></span></span><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: collapse; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 1px; -webkit-border-vertical-spacing: 1px; "><font face="courier new,monospace">This is my NSS DB (all listed certificates are also present in ASG) ("certutil -L -d /etc/ipsec.d/"):</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">Certificate Nickname Trust Attributes</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> SSL,S/MIME,JAR/XPI</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace">Local X509 Cert (regenerated) u,u,u</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">vpnca CTu,Cu,Cu</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">Centos u,u,u</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">This is CA for both machines ("certutil -L -n vpnca -d /etc/ipsec.d/")</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">Certificate:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Data:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Version: 3 (0x2)</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Serial Number:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 00:93:51:47:31</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Issuer: "CN=vpnca"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Validity:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Not Before: Sun Jan 23 21:33:00 2011</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Not After : Mon Jan 23 21:33:00 2012</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Subject: "CN=vpnca"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Subject Public Key Info:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Public Key Algorithm: PKCS #1 RSA Encryption</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> RSA Public Key:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Modulus:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> c6:69:51:2a:df:91:22:62:ad:3d:ef:c8:95:4c:e2:63:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 48:05:67:e3:7e:41:b6:1a:76:6b:44:8d:1c:98:af:72:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 0a:b3:6e:57:10:77:b8:04:84:de:c0:b7:d4:c9:56:c5:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 50:a7:8f:00:ad:a8:97:7d:5b:37:49:ac:82:c3:84:c4:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 9b:33:76:a6:b8:2d:0e:04:15:26:a3:2c:92:b9:83:71:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> d1:41:ca:c4:96:87:c6:6e:1d:84:59:2a:3a:b3:b0:2e:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 24:42:95:98:80:70:63:6e:8a:d5:cd:7f:76:b5:e6:09:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 71:f7:cb:cd:98:8b:2c:67:ee:bb:84:fd:fc:8a:a6:ed</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Exponent: 65537 (0x10001)</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Signature:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 50:6d:2c:fe:63:d4:39:4e:86:97:ae:5f:dc:49:cc:56:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> d9:d1:63:06:f9:65:94:50:e1:25:4b:45:84:4e:af:4a:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 6c:ea:24:13:73:87:29:b1:e4:f6:05:68:98:7f:00:4d:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 90:23:c3:0a:99:9a:39:d2:10:95:a4:3c:02:b7:0a:4e:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 6f:ba:c1:25:62:b1:7f:d1:c4:63:64:0b:4d:a9:b2:35:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 45:87:67:fa:f0:92:e9:46:e0:ce:19:df:2f:c1:e2:61:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 11:f2:1d:af:5c:02:03:77:ff:db:c7:c9:cc:05:fe:ec:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 1c:be:bd:ca:48:c7:49:c3:50:3e:ae:91:b5:06:cd:61</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Fingerprint (MD5):</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> AD:E2:31:01:8D:35:E5:04:D4:36:B9:94:3E:95:B1:CC</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Fingerprint (SHA1):</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> BD:66:83:85:D5:1F:E8:FD:E6:00:CE:E9:E7:69:C1:20:07:74:E7:04</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Certificate Trust Flags:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> SSL Flags:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Valid CA</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Trusted CA</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> User</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Trusted Client CA</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Email Flags:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Valid CA</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Trusted CA</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> User</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Object Signing Flags:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Valid CA</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Trusted CA</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> User</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">This is Centos certificate ("certutil -L -n Centos -d /etc/ipsec.d/")</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">Certificate:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Data:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Version: 3 (0x2)</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Serial Number:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 00:93:68:26:a7</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Issuer: "CN=vpnca"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Validity:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Not Before: Tue Feb 01 23:51:23 2011</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Not After : Wed Feb 01 23:51:23 2012</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Subject: "CN=Centos"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Subject Public Key Info:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Public Key Algorithm: PKCS #1 RSA Encryption</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> RSA Public Key:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Modulus:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> da:0c:fb:8d:30:2d:ae:51:99:e0:e5:c0:a3:47:b7:72:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 0b:17:bf:bc:8e:5d:84:92:08:56:2e:db:0c:6a:a1:32:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> b3:ed:6b:f5:69:5c:d8:10:77:7b:8f:1f:aa:4c:44:a1:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> c0:f3:3f:23:04:a3:f3:af:30:dd:f6:2a:80:cf:8a:e5:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 16:4b:24:4d:2c:67:b0:fb:04:7c:21:93:38:79:32:75:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> a7:03:19:88:57:ac:01:13:7c:6d:50:a6:10:a6:2f:1e:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> b2:93:8a:ae:c0:1d:56:58:96:9d:ec:eb:42:e0:f7:41:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 96:56:bc:9b:ec:5b:13:c8:33:65:bd:53:2f:4c:b3:5d</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Exponent: 65537 (0x10001)</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Signature:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 17:4d:f6:4f:9e:90:36:72:da:89:83:34:1b:dc:e2:90:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 2d:05:f4:67:c3:55:96:d4:e4:a3:a0:6c:b2:bb:1d:86:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 55:bc:e4:36:d6:a4:aa:f5:38:55:48:e6:b1:38:eb:20:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 9d:df:25:6b:dc:0e:fc:98:df:19:12:2a:07:ea:b4:e5:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> f3:af:28:0f:23:12:0f:ad:7d:8e:21:8a:55:2c:d3:48:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 42:9e:e3:97:f9:f6:ce:9b:8d:bc:16:1d:3d:fc:24:fb:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 4c:c1:43:0f:d6:9a:e5:e6:85:77:6d:e9:1a:6d:f0:5e:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 2b:8f:8f:80:47:ca:4b:f4:25:6e:08:b0:26:86:aa:43</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Fingerprint (MD5):</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> A2:51:89:61:6D:3D:BA:82:70:11:48:E5:15:96:DF:C5</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Fingerprint (SHA1):</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 4F:B5:7A:53:62:D6:B4:A0:34:83:E3:26:A6:A8:DB:68:82:1B:61:23</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Certificate Trust Flags:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> SSL Flags:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> User</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Email Flags:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> User</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Object Signing Flags:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> User</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">This is ASG certificate ("certutil -L -n 'Local X509 Cert (regenerated)' -d /etc/ipsec.d/")</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">Certificate:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Data:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Version: 3 (0x2)</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Serial Number: 5376 (0x1500)</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Issuer: "CN=vpnca"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Validity:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Not Before: Tue Feb 01 15:01:24 2011</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Not After : Mon Jan 23 21:33:23 2012</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Subject: "E=<a href="mailto:censored@censored.com">censored@censored.com</a>,CN=astaro"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Subject Public Key Info:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Public Key Algorithm: PKCS #1 RSA Encryption</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> RSA Public Key:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Modulus:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> b4:ad:ec:66:ed:54:df:29:90:19:59:92:c9:18:cb:87:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> df:44:e6:f5:93:cc:a0:62:70:26:92:83:3b:49:e3:5c:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 46:ee:d6:77:58:82:60:e2:99:98:00:35:51:aa:7d:d2:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 21:8d:92:5b:fe:71:ec:ad:99:43:52:c2:af:7d:2c:9b:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> a9:30:33:23:f8:90:4c:e8:20:36:b8:eb:95:4b:db:c8:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> b0:6b:52:e5:e4:85:06:5a:08:cb:f2:10:88:c3:0e:f1:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> de:f4:cd:72:14:cc:c0:15:04:54:b1:5c:9e:86:1d:e8:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> c1:f9:f7:24:11:94:93:5b:f2:48:67:41:f4:c0:57:0d</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Exponent: 65537 (0x10001)</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Signed Extensions:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Name: Certificate Subject Key ID</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Data:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 11:1e:4a:b8:1b:29:d3:95:3b:70:e0:66:55:55:4a:9e:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 2a:d8:db:51</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Name: Certificate Authority Key Identifier</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Issuer:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Directory Name: "CN=vpnca"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Serial Number:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 00:93:51:47:31</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Name: Certificate Subject Alt Name</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> DNS name: "astaro"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Name: Certificate Basic Constraints</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Data: Is not a CA.</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Name: Certificate Key Usage</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Usages: Digital Signature</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Non-Repudiation</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Key Encipherment</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> Signature:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 2c:95:f0:fa:f6:6b:1e:c8:df:32:82:f4:33:14:9f:0f:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> c9:fc:8b:94:9e:a3:82:65:dc:38:c2:19:1c:b1:10:92:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 6f:16:f4:84:86:b7:aa:c5:44:c5:2b:62:08:b1:58:19:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 19:e3:e7:95:d3:6d:eb:37:f2:07:28:85:d6:3d:a0:75:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 93:6f:07:96:cf:46:2b:8c:37:96:6f:de:ad:96:0b:57:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> a3:0e:8a:44:83:ac:62:76:24:25:3a:b6:34:23:04:cc:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> 0f:cc:f5:22:f6:be:10:60:9f:01:96:87:c6:f9:42:72:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 56:c2:10:b1:9e:86:db:51:37:cd:a0:fb:8a:ab:ea:56</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Fingerprint (MD5):</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> E3:F4:01:E2:E7:50:55:E8:B6:4E:C2:06:24:F8:2A:B8</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Fingerprint (SHA1):</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> 6D:54:F2:3C:36:23:3A:CA:54:07:1F:25:41:42:8D:A5:C1:81:D1:C3</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Certificate Trust Flags:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> SSL Flags:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> User</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Email Flags:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> User</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> Object Signing Flags:</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> User</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace">After running "ipsec auto --rereadall ; ipsec showhostkey --right ; ipsec showhostkey --left" this is what I get</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">ipsec showhostkey nss directory showhostkey: /etc/ipsec.d</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> # rsakey AwEAAcZpU</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> rightrsasigkey=0sAwEAAcZpUSrfkSJirT3vyJVM4mNIBWfjfkG2GnZrRI0cmK9yCrNuVxB3uASE3sC31MlWxVCnjwCtqJd9WzdJrILDhMSbM3amuC0OBBUmoyySuYNx0UHKxJaHxm4dhFkqOrOwLiRClZiAcGNuitXNf3a15glx98vNmIssZ+67hP38iqbt</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">ipsec showhostkey nss directory showhostkey: /etc/ipsec.d</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> # rsakey AwEAAcZpU</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> leftrsasigkey=0sAwEAAcZpUSrfkSJirT3vyJVM4mNIBWfjfkG2GnZrRI0cmK9yCrNuVxB3uASE3sC31MlWxVCnjwCtqJd9WzdJrILDhMSbM3amuC0OBBUmoyySuYNx0UHKxJaHxm4dhFkqOrOwLiRClZiAcGNuitXNf3a15glx98vNmIssZ+67hP38iqbt</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">While the real ASG RSA local key is:</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">0sAQPAo14xragRJ2/DA0HJSmmeOjeFz1NtPituw3UFrKsPg2VIPKRteL1rZkmKOPkAgg5BC/3okIKZ4pW4SgA5G5TXVlgNgyG4dN5vwBD0fcMI2kzuvadcATQImMjYze3z7HP7yeOeP7eGfuxYaKMsVvheUfIYg9G5XY4fmgmP6/R8sQ==</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">This is ipsec.conf on the "left" side (CentOS 5.5)</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">conn linux-to-linux</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> left=10.170.2.150</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> leftid="CN=Centos"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> leftrsasigkey=%cert</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> leftcert=Centos</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> right=10.170.2.100</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> rightid="CN=astaro, E=censored@censored.com"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> rightrsasigkey=%cert</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> rightcert="Local X509 Cert (regenerated)"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> type="tunnel"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> auto=start</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">This is ipsec.secrets on the "left" side (CentOS 5.5)</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">: RSA vpnca</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">This is ipsec.conf on the "right" side (Astaro (ASG 8)) that I get after setting up tunnel via ASG WebAdmin</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">#/etc/ipsec.conf - strongSwan IPsec configuration file</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">config setup</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> charonstart="no"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> plutodebug="none"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> uniqueids="no"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> nocrsend="yes"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> nat_traversal="yes"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> keep_alive="60"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> crlcheckinterval="0"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> strictcrlpolicy="no"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> probe_psk="no"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">conn %default</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> rekeyfuzz="100%"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> keyingtries="0"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> leftsendcert="always"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> dpddelay="30"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> dpdtimeout="120"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> dpdaction="restart"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace"># Centos-VPN</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">conn S_REF_eSpQByGRud_0</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> authby="rsasig"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> auto="start"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> compress="no"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> esp="aes256-md5"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> ike="aes256-md5-modp1536"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> ikelifetime="7800"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> keyexchange="ike"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> keylife="3600"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> left="10.170.2.100"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> leftcert="/etc/ipsec.d/certs/REF_EhOPWqyoef.pem"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> leftid="@astaro"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> leftrsasigkey="%cert"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> leftsourceip="10.170.2.100"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> leftsubnet="10.170.2.100/32"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> leftupdown="/usr/libexec/ipsec/updown strict"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> pfs="no"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> rekeymargin="540"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> right="10.170.2.150"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> rightid="CN=Centos"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> rightrsasigkey="%cert"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> rightsubnet="10.170.2.0/24"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> type="tunnel"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br></font><font face="courier new,monospace">conn X_REF_eSpQByGRud_0</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> authby="never"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> auto="route"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> left="10.170.2.100"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> leftsubnet="10.170.2.100/32"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> leftupdown="/bin/sh -c true"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> right="255.255.255.255"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"> rightsubnet="10.170.2.100/32"</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"> type="passthrough"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br></font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">Log on the left side</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">Feb 2 02:32:53 SERVER-ONE ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">Feb 2 02:32:53 SERVER-ONE ipsec__plutorun: 002 loading certificate from Centos</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">Feb 2 02:32:53 SERVER-ONE ipsec__plutorun: 002 loading certificate from Local X509 Cert (regenerated)</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">Feb 2 02:32:53 SERVER-ONE ipsec__plutorun: 002 added connection description "linux-to-linux"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">Feb 2 02:32:53 SERVER-ONE ipsec__plutorun: 104 "linux-to-linux" #1: STATE_MAIN_I1: initiate</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">Log on the right side</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: "S_Centos-VPN" #1: initiating Main Mode</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: added connection description "X_Centos-VPN"</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: "S_Centos-VPN" #1: ignoring Vendor ID payload [4f457e717f6b5a4e727d576b]</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: "S_Centos-VPN" #1: received Vendor ID payload [Dead Peer Detection]</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: "S_Centos-VPN" #1: received Vendor ID payload [RFC 3947]</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: "S_Centos-VPN" #1: enabling possible NAT-traversal with method 3</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: "S_Centos-VPN" #1: NAT-Traversal: Result using RFC 3947: no NAT detected</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: "S_Centos-VPN" #1: we have a cert and are sending it</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: "S_Centos-VPN" #1: next payload type of ISAKMP Hash Payload has an unknown value: 234</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:40 astaro pluto[5024]: "S_Centos-VPN" #1: malformed payload in packet</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:30:50 astaro pluto[5024]: "S_Centos-VPN" #1: discarding duplicate packet; already STATE_MAIN_I3</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:50 astaro pluto[5024]: "S_Centos-VPN" #1: next payload type of ISAKMP Hash Payload has an unknown value: 252</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:50 astaro pluto[5024]: "S_Centos-VPN" #1: malformed payload in packet</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: packet from 10.170.2.150:500: ignoring Vendor ID payload [4f457e717f6b5a4e727d576b]</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: packet from 10.170.2.150:500: received Vendor ID payload [Dead Peer Detection]</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: packet from 10.170.2.150:500: received Vendor ID payload [RFC 3947]</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: packet from 10.170.2.150:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: packet from 10.170.2.150:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: packet from 10.170.2.150:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: packet from 10.170.2.150:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: "S_Centos-VPN" #2: responding to Main Mode</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: "S_Centos-VPN" #2: NAT-Traversal: Result using RFC 3947: no NAT detected</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:30:55 astaro pluto[5024]: "S_Centos-VPN" #2: Informational Exchange message must be encrypted</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:31:05 astaro pluto[5024]: "S_Centos-VPN" #2: Informational Exchange message must be encrypted</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:31:10 astaro pluto[5024]: "S_Centos-VPN" #1: discarding duplicate packet; already STATE_MAIN_I3</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:31:10 astaro pluto[5024]: "S_Centos-VPN" #1: next payload type of ISAKMP Hash Payload has an unknown value: 183</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:31:10 astaro pluto[5024]: "S_Centos-VPN" #1: malformed payload in packet</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:31:25 astaro pluto[5024]: "S_Centos-VPN" #2: Informational Exchange message must be encrypted</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #1: starting keying attempt 2 of an unlimited number</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #3: initiating Main Mode to replace #1</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #3: ignoring Vendor ID payload [4f457e717f6b5a4e727d576b]</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #3: received Vendor ID payload [Dead Peer Detection]</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #3: received Vendor ID payload [RFC 3947]</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #3: enabling possible NAT-traversal with method 3</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #3: NAT-Traversal: Result using RFC 3947: no NAT detected</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #3: we have a cert and are sending it</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #3: next payload type of ISAKMP Hash Payload has an unknown value: 43</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:31:50 astaro pluto[5024]: "S_Centos-VPN" #3: malformed payload in packet</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:32:00 astaro pluto[5024]: "S_Centos-VPN" #3: discarding duplicate packet; already STATE_MAIN_I3</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:32:00 astaro pluto[5024]: "S_Centos-VPN" #3: next payload type of ISAKMP Hash Payload has an unknown value: 249</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:32:00 astaro pluto[5024]: "S_Centos-VPN" #3: malformed payload in packet</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:32:05 astaro pluto[5024]: "S_Centos-VPN" #2: max number of retransmissions (2) reached STATE_MAIN_R2</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:32:20 astaro pluto[5024]: "S_Centos-VPN" #3: discarding duplicate packet; already STATE_MAIN_I3</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">2011:02:01-20:32:20 astaro pluto[5024]: "S_Centos-VPN" #3: next payload type of ISAKMP Hash Payload has an unknown value: 38</font><font face="courier new,monospace"><br>
</font><font face="courier new,monospace">2011:02:01-20:32:20 astaro pluto[5024]: "S_Centos-VPN" #3: malformed payload in packet</font><font face="courier new,monospace"><br></font><font face="courier new,monospace">---------------------------------------------------------------------------------------------------</font><font face="courier new,monospace"><br>
</font></span></span></div><div><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: collapse; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 1px; -webkit-border-vertical-spacing: 1px; "><b style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-weight: bold; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; "><font face="courier new,monospace"><br>
</font></b></span></span></div><div><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: collapse; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 1px; -webkit-border-vertical-spacing: 1px; "><b style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-size: 13px; font-weight: bold; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; "><font face="courier new,monospace">What Do I Need:</font><font face="courier new,monospace"><br>
</font></b></span></span></div><font face="courier new,monospace">
</font><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: collapse; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif; font-size: 13px; -webkit-border-horizontal-spacing: 1px; -webkit-border-vertical-spacing: 1px; "><div id="post_message_164923" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; outline-width: 0px; outline-style: none; outline-color: initial; font-size: 13px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', Arial, Verdana, sans-serif !important; max-width: 940px !important; ">
<font face="courier new,monospace">Please guide me (at least in theory) how to set up RSA certificates in my case.</font></div></span></span><br></div>
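<div><font face="courier new,monospace">Added example, not part of the original message: a decoder for the two rsasigkey values quoted above, so that the key printed by "ipsec showhostkey" and the ASG local key can be compared by exponent, modulus size and fingerprint instead of by eye. It assumes the usual RFC 3110 key layout behind the "0s" (base64) and "0x" (hex) prefixes; the names parse_rsasigkey and same_key are hypothetical.</font></div>

```python
import base64
import hashlib
from typing import NamedTuple

# Both values are copied from the message above.
SHOWHOSTKEY_VALUE = (  # printed for both --left and --right
    "0sAwEAAcZpUSrfkSJirT3vyJVM4mNIBWfjfkG2GnZrRI0cmK9yCrNuVxB3uASE3sC31MlW"
    "xVCnjwCtqJd9WzdJrILDhMSbM3amuC0OBBUmoyySuYNx0UHKxJaHxm4dhFkqOrOwLiRClZ"
    "iAcGNuitXNf3a15glx98vNmIssZ+67hP38iqbt"
)
ASG_LOCAL_KEY = (  # "the real ASG RSA local key"
    "0sAQPAo14xragRJ2/DA0HJSmmeOjeFz1NtPituw3UFrKsPg2VIPKRteL1rZkmKOPkAgg5B"
    "C/3okIKZ4pW4SgA5G5TXVlgNgyG4dN5vwBD0fcMI2kzuvadcATQImMjYze3z7HP7yeOeP7"
    "eGfuxYaKMsVvheUfIYg9G5XY4fmgmP6/R8sQ=="
)


class RsaSigKey(NamedTuple):
    exponent: int
    modulus: int
    bits: int
    keyid: str        # first 9 base64 characters, as in the "# rsakey" comment
    fingerprint: str  # SHA-256 of the raw key blob, shortened for display


def parse_rsasigkey(value: str) -> RsaSigKey:
    """Decode a leftrsasigkey/rightrsasigkey value (assumed RFC 3110 layout)."""
    value = value.strip()
    for prefix in ("leftrsasigkey=", "rightrsasigkey="):
        if value.startswith(prefix):
            value = value[len(prefix):]
    value = value.strip().strip('"')
    if value.startswith("%"):
        # e.g. %cert: the key is taken from a certificate, nothing to decode here
        raise ValueError(f"{value} is a keyword, not an inline key")
    if value.startswith("0s"):
        text = value[2:]
        blob = base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
    elif value.startswith("0x"):
        blob = bytes.fromhex(value[2:])
    else:
        raise ValueError("expected a 0s (base64) or 0x (hex) prefix")
    if not blob:
        raise ValueError("empty key blob")
    # One length octet for the exponent; a zero octet means that a
    # two-octet big-endian length follows instead.
    explen, offset = blob[0], 1
    if explen == 0:
        explen, offset = int.from_bytes(blob[1:3], "big"), 3
    exponent = blob[offset:offset + explen]
    modulus = blob[offset + explen:]
    if explen == 0 or len(exponent) != explen or not modulus:
        raise ValueError("truncated key blob")
    n = int.from_bytes(modulus, "big")
    return RsaSigKey(
        exponent=int.from_bytes(exponent, "big"),
        modulus=n,
        bits=n.bit_length(),
        keyid=base64.b64encode(blob).decode()[:9],
        fingerprint=hashlib.sha256(blob).hexdigest()[:16],
    )


def same_key(a: str, b: str) -> bool:
    """True when two rsasigkey values carry the same exponent and modulus."""
    ka, kb = parse_rsasigkey(a), parse_rsasigkey(b)
    return (ka.exponent, ka.modulus) == (kb.exponent, kb.modulus)


if __name__ == "__main__":
    for label, value in (("showhostkey", SHOWHOSTKEY_VALUE),
                         ("ASG local key", ASG_LOCAL_KEY)):
        k = parse_rsasigkey(value)
        print(f"{label:14} keyid={k.keyid} e={k.exponent} "
              f"bits={k.bits} sha256={k.fingerprint}")
    print("same key:", same_key(SHOWHOSTKEY_VALUE, ASG_LOCAL_KEY))
```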