[Openswan Users] path to madness

Paul Wouters paul at xelerance.com
Fri Dec 17 01:35:05 CET 2004

On Thu, 16 Dec 2004, Eric S. Johansson wrote:

> Dec 16 17:29:53 t2cop pluto[662]: packet from initial 
> Main Mode message received on but no connection has been 
> authorized with policy=RSASIG
> and I find it's frustrating that even with plutodebug=all, I don't get 
> anywhere near sufficient debugging information to tell me what's going on (or 
> at least in the form I can recognize).
> My interpretation of what's going on is that something about the client side 
> certificate is not right.

certificates are rsasig based, so you need auth=rsasig. The above error
says you are likely using auth=secret instead.

> my expectation is that something will be able to tell me that the client 
> ascending "this" ID and the firewall is expecting "that" ID so I can try to 
> figure out why there's no match.

It is. received an incoming request from to build up
an ispec tunnel. However, requested uses rsasig, while has no matching connection for this. you are likely having
something like:

conn name

You need to use authby=rsasig.
If you did not specify any authby=, then check conn %default for one.

    Math is case-sensitive
                             --- Ian Goldberg

More information about the Users mailing list