[Openswan Users] no connection authorized...

Eric S. Johansson esj at harvee.org
Wed Dec 8 11:31:56 CET 2004


Jacco de Leeuw wrote:
> Eric S. Johansson wrote:
> 
>> I'm running two IPCop systems (openswan 1.0.7) with road warrior VPNs.
> 
>> The first system will connect to the Windows PC road warrior just fine.
> 
>>
>> Dec  7 17:18:51 t2cop pluto[31146]: packet from 68.194.142.248:500: 
>> initial Main Mode message received on 69.18.163.107:500
>> but no connection has been authorized with policy=RSASIG 
> 
> 
> Perhaps this second IPcop server is configured for Preshared Keys?
> Or check the startup messages in /var/log/messages to see if your
> certificates are rejected for some reason.

Second one has been set up with certificates only, and with a PSK VPN as 
well.  My instance (which works) has an active PSK network-to-network 
VPN in addition to the certificate-based road warrior VPN.  Both systems 
have identical startup sequences including a puzzling statement of error 
in certificate without any details.  But this happens on both systems, 
the one that works and one that doesn't.  Very puzzling. See ==>

Dec  7 18:20:46 ipcop pluto[3084]: Starting Pluto (Openswan Version 1.0.7)
Dec  7 18:20:46 ipcop pluto[3084]:   including X.509 patch with traffic 
selectors (Version 0.9.42)
Dec  7 18:20:46 ipcop pluto[3084]:   including NAT-Traversal patch 
(Version 0.6)
Dec  7 18:20:46 ipcop pluto[3084]: ike_alg_register_enc(): Activating 
OAKLEY_AES_CBC: Ok (ret=0)
Dec  7 18:20:46 ipcop pluto[3084]: ike_alg_register_enc(): Activating 
OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Dec  7 18:20:46 ipcop pluto[3084]: ike_alg_register_enc(): Activating 
OAKLEY_CAST_CBC: Ok (ret=0)
Dec  7 18:20:46 ipcop pluto[3084]: ike_alg_register_enc(): Activating 
OAKLEY_SERPENT_CBC: Ok (ret=0)
Dec  7 18:20:46 ipcop pluto[3084]: ike_alg_register_hash(): Activating 
OAKLEY_SHA2_256: Ok (ret=0)
Dec  7 18:20:46 ipcop pluto[3084]: ike_alg_register_hash(): Activating 
OAKLEY_SHA2_512: Ok (ret=0)
Dec  7 18:20:46 ipcop pluto[3084]: ike_alg_register_enc(): Activating 
OAKLEY_TWOFISH_CBC: Ok (ret=0)
Dec  7 18:20:46 ipcop pluto[3084]: ike_alg_register_enc(): Activating 
OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Dec  7 18:20:46 ipcop pluto[3084]: Changing to directory 
'/etc/ipsec.d/cacerts'
Dec  7 18:20:46 ipcop pluto[3084]:   loaded cacert file 'cakey.pem' 
(1679 bytes)
==>Dec  7 18:20:46 ipcop pluto[3084]:   error in X.509 certificate
Dec  7 18:20:46 ipcop pluto[3084]:   loaded cacert file 'cacert.pem' 
(1753 bytes)
Dec  7 18:20:46 ipcop pluto[3084]: Changing to directory '/etc/ipsec.d/crls'
Dec  7 18:20:46 ipcop pluto[3084]:   loaded crl file 'cacrl.pem' (731 bytes)
Dec  7 18:20:46 ipcop pluto[3084]: OpenPGP certificate file 
'/etc/pgpcert.pgp' not found
Dec  7 18:20:48 ipcop pluto[3084]: | from whack: got --esp=3des
Dec  7 18:20:48 ipcop pluto[3084]: | from whack: got --ike=3des
Dec  7 18:20:48 ipcop pluto[3084]:   loaded host cert file 
'/var/ipcop/certs/hostcert.pem' (1541 bytes)
Dec  7 18:20:48 ipcop pluto[3084]:   loaded host cert file 
'/var/ipcop/certs/ronlaptopcert.pem' (1537 bytes)
Dec  7 18:20:48 ipcop pluto[3084]: added connection description "ronlaptop"
Dec  7 18:20:49 ipcop pluto[3084]: | from whack: got --esp=3des
Dec  7 18:20:49 ipcop pluto[3084]: | from whack: got --ike=3des
Dec  7 18:20:49 ipcop pluto[3084]: added connection description 
"ka1eec2es5rv"
Dec  7 18:20:49 ipcop pluto[3084]: listening for IKE messages
Dec  7 18:20:49 ipcop pluto[3084]: adding interface ipsec0/eth2 
66.93.191.107
Dec  7 18:20:49 ipcop pluto[3084]: adding interface ipsec0/eth2 
66.93.191.107:4500
Dec  7 18:20:49 ipcop pluto[3084]: loading secrets from "/etc/ipsec.secrets"
Dec  7 18:20:49 ipcop pluto[3084]:   loaded private key file 
'/var/ipcop/certs/hostkey.pem' (887 bytes)


-- 
"Part of the problem with the Wal-Mart business model is that it
requires more poverty in order to grow."

http://www.salon.com/mwt/feature/2004/11/22/wal_mart/print.html
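
An added example, not part of the original message: a Python helper that rejoins mail-wrapped pluto log lines and pairs each "error in ..." line with the file loaded just before it. It assumes pluto reports a parse error directly after the "loaded ... file" line of the file concerned; the sample lines are constructed in the form of the startup log above, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the startup log above, keeping the
# mail client's hard wrapping (continuation lines carry no syslog prefix).
SAMPLE = [
    "Dec  7 18:20:46 ipcop pluto[3084]: Changing to directory ",
    "'/etc/ipsec.d/cacerts'",
    "Dec  7 18:20:46 ipcop pluto[3084]:   loaded cacert file 'cakey.pem' ",
    "(1679 bytes)",
    "==>Dec  7 18:20:46 ipcop pluto[3084]:   error in X.509 certificate",
    "Dec  7 18:20:46 ipcop pluto[3084]:   loaded cacert file 'cacert.pem' ",
    "(1753 bytes)",
    "Dec  7 18:20:48 ipcop pluto[3084]:   loaded host cert file ",
    "'/var/ipcop/certs/hostcert.pem' (1541 bytes)",
]

# Syslog prefix of a pluto record, with the optional "==>" marker from the mail.
STAMP = re.compile(r"^(?:==>)?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ pluto\[\d+\]: ")
LOADED = re.compile(r"loaded (?P<kind>.+?) file '(?P<path>[^']+)'")


def unwrap(lines):
    """Rejoin wrapped lines: anything without a syslog prefix continues the previous record."""
    records = []
    for line in lines:
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            # Plain concatenation: the wrap point may fall mid-token.
            records[-1] += line
    return [r.strip() for r in records]


def attribute_errors(lines):
    """Return (path, kind, message) for each error line, using the last file loaded before it."""
    last, findings = None, []
    for record in unwrap(lines):
        msg = STAMP.sub("", record).strip()
        loaded = LOADED.search(msg)
        if loaded:
            last = (loaded["path"], loaded["kind"])
        elif msg.startswith("error in") and last:
            findings.append((last[0], last[1], msg))
    return findings


if __name__ == "__main__":
    for path, kind, msg in attribute_errors(SAMPLE):
        print(f"{msg!r} follows load of {kind} file {path!r}")
```
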

