[Openswan Users] no RSA public key known for 'C=..., O=..., CN=...'

Nicole Hähnel nicole.haehnel at epost.de
Mon Jun 28 17:36:39 CEST 2004


Hi,

I have the same problem.

I updated from freeswan 2.05 to openswan 2.1.1 (also 2.1.2).
Configs on both gateways are still the same.

With freeswan it works; with openswan it does not work.

One gateway server (vpn1) has a static ip and the other ip (vpn2) is 
dynamic (dialin).

error vpn1:

no RSA public key known for 'C=DE, ST=Hessen, L=Frankfurt.......

error vpn2:

encrypted Informational Exchange message is invalid because it is for 
incomplete ISAKMP SA


I changed the configs to public RSA keys
(leftrsasigkey=0sAQOM53VkhlgAgF....)
and then it works.


Maybe openswan can't handle certs!?



Nicole


Graham Leggett wrote:

> Tuomo Soini wrote:
> 
>> Exactly what it does say. It can't match any connection entry with your
>> RSA public key because you had wrong id string.
> 
> 
> Does DNS play a role in all of this?
> 
> The certificate's CN is rachel.wired.co.za, but the name 
> rachel.wired.co.za resolves in the DNS to an address on the network 
> behind the roadwarrior (in fact, an address accessible via the VPN) 
> instead of the IP address of the roadwarrior itself (which is dynamic).
> 
> There are no messages from freeswan to indicate that it is doing a DNS 
> lookup, or that DNS names matter, but one needs to be certain.
> 
> Regards,
> Graham