[Openswan dev] X.509 in openswan

AntZ antzcn at gmail.com
Tue Nov 14 08:17:28 EST 2006


 Hi, everyone

 When I create X.509-based connections as the *
Packt.Publishing.Building.And.Integrating.Virtual.Private.Networks.With.Openswan.Jan.2006.pdf
*, it generate this error message:

Nov 14 12:58:35 localhost ipsec__plutorun: Starting Pluto subsystem...
Nov 14 12:58:35 localhost pluto[11364]: Starting Pluto (Openswan Version
2.4.6 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID
OEN|EMqk_Mlg)
Nov 14 12:58:35 localhost pluto[11364]: Setting NAT-Traversal port-4500
floating to off
Nov 14 12:58:35 localhost pluto[11364]:    port floating activation criteria
nat_t=0/port_fload=1
Nov 14 12:58:35 localhost pluto[11364]:   including NAT-Traversal patch
(Version 0.6c) [disabled]
Nov 14 12:58:35 localhost pluto[11364]: WARNING: Open of /dev/hw_random
failed in init_rnd_pool(), trying alternate sources of random
Nov 14 12:58:35 localhost pluto[11364]: WARNING: Using /dev/urandom as the
source of random
Nov 14 12:58:35 localhost pluto[11364]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Nov 14 12:58:35 localhost pluto[11364]: no helpers will be started, all
cryptographic operations will be done inline
Nov 14 12:58:35 localhost pluto[11364]: Using KLIPS IPsec interface code on
2.6.15-prep
Nov 14 12:58:35 localhost pluto[11364]: Changing to directory
'/etc/ipsec.d/cacerts'
Nov 14 12:58:35 localhost pluto[11364]: Changing to directory
'/etc/ipsec.d/aacerts'
Nov 14 12:58:35 localhost pluto[11364]: Changing to directory
'/etc/ipsec.d/ocspcerts'
Nov 14 12:58:35 localhost pluto[11364]: Changing to directory
'/etc/ipsec.d/crls'
Nov 14 12:58:35 localhost pluto[11364]:   Warning: empty directory
Nov 14 12:58:35 localhost pluto[11364]:   loaded host cert file
'/etc/ipsec.d/certs/east.cert' (1021 bytes)
Nov 14 12:58:35 localhost pluto[11364]:   loaded host cert file
'/etc/ipsec.d/certs/west.cert' (1021 bytes)
Nov 14 12:58:35 localhost pluto[11364]: added connection description
"subnet-subnet"
Nov 14 12:58:35 localhost pluto[11364]: listening for IKE messages
Nov 14 12:58:35 localhost pluto[11364]: adding interface ipsec0/eth0
172.16.1.121:500
Nov 14 12:58:35 localhost pluto[11364]: loading secrets from
"/etc/ipsec.secrets"
Nov 14 12:58:35 localhost pluto[11364]:   loaded private key file
'/etc/ipsec.d/private/west.key' (963 bytes)
Nov 14 12:58:36 localhost pluto[11364]: "subnet-subnet" #1: initiating Main
Mode
Nov 14 12:58:36 localhost pluto[11364]: "subnet-subnet" #1: received Vendor
ID payload [Openswan (this version) 2.4.6   X.509-1.5.4 PLUTO_SENDS_VENDORID
PLUTO_USES_KEYRR]
Nov 14 12:58:36 localhost pluto[11364]: "subnet-subnet" #1: received Vendor
ID payload [Dead Peer Detection]
Nov 14 12:58:36 localhost pluto[11364]: "subnet-subnet" #1: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 14 12:58:36 localhost pluto[11364]: "subnet-subnet" #1: STATE_MAIN_I2:
sent MI2, expecting MR2
Nov 14 12:58:36 localhost pluto[11364]: "subnet-subnet" #1: I am sending my
cert
Nov 14 12:58:36 localhost pluto[11364]: "subnet-subnet" #1: I am sending a
certificate request
*Nov 14 12:58:36 localhost pluto[11364]: "subnet-subnet" #1: unable to
locate my private key for RSA Signature*
Nov 14 12:58:36 localhost pluto[11364]: "subnet-subnet" #1: sending
notification AUTHENTICATION_FAILED to 172.16.12.141:500
Nov 14 12:58:46 localhost pluto[11364]: "subnet-subnet" #1: I am sending my
cert
Nov 14 12:58:46 localhost pluto[11364]: "subnet-subnet" #1: I am sending a
certificate request
Nov 14 12:58:46 localhost pluto[11364]: "subnet-subnet" #1: unable to locate
my private key for RSA Signature
Nov 14 12:58:46 localhost pluto[11364]: "subnet-subnet" #1: sending
notification AUTHENTICATION_FAILED to 172.16.12.141:500
Nov 14 12:59:06 localhost pluto[11364]: "subnet-subnet" #1: I am sending my
cert
Nov 14 12:59:06 localhost pluto[11364]: "subnet-subnet" #1: I am sending a
certificate request
Nov 14 12:59:06 localhost pluto[11364]: "subnet-subnet" #1: unable to locate
my private key for RSA Signature
Nov 14 12:59:06 localhost pluto[11364]: "subnet-subnet" #1: sending
notification AUTHENTICATION_FAILED to 172.16.12.141:500


What's wrong with me? Thank you in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20061114/a8ab52fa/attachment.html 


More information about the Dev mailing list