[Openswan Users] Openswan and SoftRemote

Brian Daniels bdaniels at fpoint.com
Fri Mar 19 17:44:21 CET 2004


Has anyone had success with Openswan and SoftRemote?  I've been trying for 
several days, but I cannot get them to authenticate.

I've been trying to follow the how-to at:
http://www.redbaronconsulting.com/freeswan/fswansafenet.pdf

updating it for openswan-2.1.0.  Here's what I get when I try to bring up 
the tunnel:

Mar 19 23:48:27 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: responding to Main Mode from unknown peer 207.69.12.205
Mar 19 23:48:27 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: transition from state (null) to state STATE_MAIN_R1
Mar 19 23:48:29 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: ignoring Vendor ID payload [47bbe7c993f1fc13...]
Mar 19 23:48:29 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: ignoring Vendor ID payload [da8e937880010000]
Mar 19 23:48:29 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: ignoring Vendor ID payload [Dead Peer Detection]
Mar 19 23:48:29 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: received Vendor ID payload [XAUTH]
Mar 19 23:48:29 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 19 23:48:31 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: ignoring informational payload, type IPSEC_REPLAY_STATUS
Mar 19 23:48:31 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Mar 19 23:48:31 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: Peer ID is ID_DER_ASN1_DN: 'C=US, ST=North Carolina, L=Morrisville, O=FarPoint, OU=softremote, CN=softremote'
Mar 19 23:48:31 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: issuer crl not found
Mar 19 23:48:31 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: issuer crl not found
Mar 19 23:48:31 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: no suitable connection for peer 'C=US, ST=North Carolina, L=Morrisville, O=FarPoint, OU=softremote, CN=softremote'

I have the certificate for the softremote client in 
/etc/ipsec.d/certs/rw-cert.pem.  Looking at it with:
openssl x509 -in /etc/ipsec.d/certs/rw-cert.pem -noout -subject
subject= /C=US/ST=North Carolina/L=Morrisville/O=FarPoint/OU=softremote/CN=softremote
which seems to match the ID_DER_ASN1_DN being sent by the client.

My connection config is:
conn brivai
         # identity we use in authentication exchanges
         left=207.x.x.x
         # next hop to reach right
         leftnexthop=207.x.x.x
         # subnet behind left (omit if there is no subnet)
         leftsubnet=10.0.0.0/8
         # right s.g., subnet behind it, and next hop to reach left
         rightcert=rw-cert.pem
         right=%any
         auto=add
         pfs=yes
         keyexchange=ike

Any suggestions appreciated!  This is driving me nuts!

Thanks,
Brian Daniels
Brian Daniels
Network Administrator

------------------------------------------------------
FarPoint Technologies
808 Aviation Pkwy, Suite 1300
Morrisville, NC 27560
Phones:
Tech Support - 919-460-1887
Sales - 800-645-5913            Main - 919-460-4551
FTP - ftp.fpoint.com  /fpoint.com
WEB - www.fpoint.com
Sales email: fpsales at fpoint.com
Technical support: fpsupport at fpoint.com
-------------------------------------------------------
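
The by-eye comparison in the post (the Peer ID DN in the pluto log against the `openssl x509 -subject` line) can be scripted. This is an added example, not part of the original post or of Openswan: the function names are hypothetical, the log and subject strings are copied from the post, and the parser assumes the slash-separated subject format shown there.

```python
import re

# Both inputs are copied from the post; the log is left hard-wrapped as mailed.
LOG = """\
Mar 19 23:48:31 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: Peer ID is
ID_DER_ASN1_DN: 'C=US, ST=North Carolina, L=Morrisville, O=FarPoint,
OU=softremote, CN=softremote'
Mar 19 23:48:31 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: issuer crl
not found
Mar 19 23:48:31 gate pluto[5842]: "brivai"[1] 207.69.12.205 #1: no suitable
connection for peer 'C=US, ST=North Carolina, L=Morrisville, O=FarPoint,
OU=softremote, CN=softremote'
"""
SUBJECT = "subject= /C=US/ST=North Carolina/L=Morrisville/O=FarPoint/OU=softremote/CN=softremote"

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PREFIX = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: (?P<msg>.*)$')

def unwrap(text):
    """Rejoin continuation lines: anything not starting with a syslog timestamp."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def rdns(dn, sep):
    """Split a DN into ordered (TYPE, value) pairs; sep is ',' (pluto) or '/' (openssl)."""
    parts = re.split(r"\s*%s\s*(?=[A-Za-z][\w.]*=)" % re.escape(sep), dn.strip().lstrip(sep))
    return [(k.strip().upper(), v.strip()) for k, v in (p.split("=", 1) for p in parts if p)]

def diagnose(log_text, subject_line):
    """Per (conn, peer): does the logged ID_DER_ASN1_DN equal the cert subject, and was it rejected?"""
    cert = rdns(subject_line.split("=", 1)[1], "/")
    seen = {}
    for m in filter(None, map(PREFIX.search, unwrap(log_text))):
        entry = seen.setdefault((m["conn"], m["peer"]), {"dn_matches_cert": None, "rejected": False})
        pid = re.match(r"Peer ID is ID_DER_ASN1_DN: '(.*)'$", m["msg"])
        if pid:
            entry["dn_matches_cert"] = rdns(pid[1], ",") == cert
        elif m["msg"].startswith("no suitable connection for peer"):
            entry["rejected"] = True
    return seen

if __name__ == "__main__":
    for key, result in diagnose(LOG, SUBJECT).items():
        print(key, result)
```

For the post's data this reports `dn_matches_cert: True` and `rejected: True`: the DN in the log equals the certificate subject RDN for RDN, yet pluto still finds no suitable connection.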