[Openswan Users] path to madness

Paul Wouters paul at xelerance.com
Fri Dec 17 01:35:05 CET 2004


On Thu, 16 Dec 2004, Eric S. Johansson wrote:

> Dec 16 17:29:53 t2cop pluto[662]: packet from 68.194.142.248:500: initial 
> Main Mode message received on 69.18.163.107:500 but no connection has been 
> authorized with policy=RSASIG
>
> and I find it's frustrating that even with plutodebug=all, I don't get 
> anywhere near sufficient debugging information to tell me what's going on (or 
> at least in the form I can recognize).
>
> My interpretation of what's going on is that something about the client side 
> certificate is not right.

Certificates are rsasig based, so you need auth=rsasig. The above error
says you are likely using auth=secret instead.

> my expectation is that something will be able to tell me that the client 
> is sending "this" ID and the firewall is expecting "that" ID so I can try to 
> figure out why there's no match.

It is.
69.18.163.107 received an incoming request from 68.194.142.248 to build up
an ipsec tunnel. However, 68.194.142.248 requested the use of rsasig, while
69.18.163.107 has no matching connection for this. You likely have
something like:

conn name
 	left=69.18.163.107
 	right=68.194.142.248
 	authby=secret
 	[...]

You need to use authby=rsasig.
If you did not specify any authby=, then check conn %default for one.

Paul
-- 
    Math is case-sensitive
                             --- Ian Goldberg
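
Added example (not part of the original message and not Openswan code): a small checker that resolves the authby= each conn ends up with, falling back to conn %default as the reply suggests, and lists conns that cannot match an RSASIG request. The sample config and conn names are constructed; also= and include lines are not followed, and a conn with no authby= anywhere is reported as unset rather than given a built-in default.

```python
# Added example: effective authby= per conn, with conn %default fallback.
# SAMPLE_CONF is constructed; the conn names are hypothetical.
SAMPLE_CONF = """\
conn %default
    authby=secret

conn gateway-to-client
    left=69.18.163.107
    right=68.194.142.248

conn cert-clients
    left=69.18.163.107
    right=%any
    authby=rsasig
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # simplification: '#' starts a comment
        if not line.strip():
            continue
        if not line[0].isspace():  # section header starts in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns


def effective_authby(conns):
    """authby of each conn: its own value, else conn %default's, else None."""
    default = conns.get("%default", {}).get("authby")
    return {name: opts.get("authby", default)
            for name, opts in conns.items() if name != "%default"}


def conns_without_rsasig(conns):
    """Conns whose resolved authby is set and does not include rsasig."""
    return sorted(name for name, auth in effective_authby(conns).items()
                  if auth is not None and "rsasig" not in auth.split("|"))


if __name__ == "__main__":
    for name, auth in effective_authby(parse_conns(SAMPLE_CONF)).items():
        print(f"conn {name}: authby={auth or '(not set in file)'}")
    print("no RSASIG policy:", conns_without_rsasig(parse_conns(SAMPLE_CONF)))
```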