[Openswan Users] path to madness
paul at xelerance.com
Fri Dec 17 01:35:05 CET 2004
On Thu, 16 Dec 2004, Eric S. Johansson wrote:
> Dec 16 17:29:53 t2cop pluto: packet from 18.104.22.168:500: initial
> Main Mode message received on 22.214.171.124:500 but no connection has been
> authorized with policy=RSASIG
> and I find it's frustrating that even with plutodebug=all, I don't get
> anywhere near sufficient debugging information to tell me what's going on (or
> at least in the form I can recognize).
> My interpretation of what's going on is that something about the client side
> certificate is not right.
certificates are rsasig based, so you need auth=rsasig. The above error
says you are likely using auth=secret instead.
> my expectation is that something will be able to tell me that the client
> ascending "this" ID and the firewall is expecting "that" ID so I can try to
> figure out why there's no match.
126.96.36.199 received an incoming request from 188.8.131.52 to build up
an ispec tunnel. However, 184.108.40.206 requested uses rsasig, while
220.127.116.11 has no matching connection for this. you are likely having
You need to use authby=rsasig.
If you did not specify any authby=, then check conn %default for one.
Math is case-sensitive
--- Ian Goldberg
More information about the Users