[Openswan Users] Openswan 2.2 and Safenet Client
Andreas Steffen
andreas.steffen at strongsec.net
Fri Nov 19 19:50:42 CET 2004
Hi Alexander

reqca=0

means that your Openswan gateway does not possess a certificate
issued by the CA that the client is requesting by means of a
Certificate Request (CR) message. This failure could have two
reasons:

- the SafeNet client's and the Openswan gateway's certificates
  were not issued by the same Certification Authority.

- the Openswan's certificate firewall2.pem was not successfully
  loaded. The command

    ipsec auto --listcerts

  should show the certificate. If this is not the case, look
  for error messages in the log file.

Regards

Andreas

Alexander Hellkuhl wrote:
> Hi,
>
> I'm trying to connect with a Safenet Client to a Debian Router with
> Openswan 2.2 installed. The Client is not accepted. What does reqca=0 mean?
>
> Regards Alexander
>
> Nov 18 15:21:00 firewall pluto[2819]: | refine_connection: checking
> roadwarrior against roadwarrior, best=(none) with
> match=0(id=1/ca=1/reqca=0)
> Nov 18 15:21:00 firewall pluto[2819]: "roadwarrior"[1] xxx.xxx.xxx.xxx #1:
> no suitable connection for peer 'my at email.de'
> Nov 18 15:21:00 firewall pluto[2819]: "roadwarrior"[1] xxx.xxx.xxx.xxx #1:
> sending encrypted notification INVALID_ID_INFORMATION to
> xxx.xxx.xxx.xxx:500
>
>
> conn roadwarrior
>     authby=rsasig
>     left=%any
>     leftid=my at email.de
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>     right=xxx.xxx.xxx.xxx
>     rightcert=firewall2.pem
>     auto=add
>     pfs=yes
>
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
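
Added example, not part of the original thread and not Openswan code: a small triage script that reads pluto's refine_connection debug lines, even when pasted quoted and wrapped as in the mail above, and reports which of the id/ca/reqca checks was 0. The reqca hint restates the reply above; the hints for id and ca are assumptions based on the field names, and the sample address and peer ID are constructed placeholders.

```python
import re

# Constructed sample: the debug line from the post as it looks when pasted into
# a mail reply (quoted with "> " and wrapped); address and ID are placeholders.
SAMPLE_LOG = """\
> Nov 18 15:21:00 firewall pluto[2819]: | refine_connection: checking
> roadwarrior against roadwarrior, best=(none) with
> match=0(id=1/ca=1/reqca=0)
> Nov 18 15:21:00 firewall pluto[2819]: "roadwarrior"[1] 192.0.2.10 #1:
> no suitable connection for peer 'user@example.org'
"""

# \s+ between tokens so that mail-wrapped lines still match.
REFINE = re.compile(
    r"refine_connection:\s+checking\s+(?P<cur>\S+)\s+against\s+(?P<cand>\S+),"
    r"\s+best=(?P<best>\S+)\s+with\s+match=(?P<match>[01])"
    r"\(id=(?P<id>[01])/ca=(?P<ca>[01])/reqca=(?P<reqca>[01])\)"
)

HINTS = {
    # Assumed meaning (from the field name, not stated in the thread).
    "id": "peer ID did not match the ID configured for the peer",
    # Assumed meaning (from the field name, not stated in the thread).
    "ca": "CA of the peer's certificate not accepted for this connection",
    # From the reply in this thread.
    "reqca": "gateway has no certificate issued by the CA named in the "
             "peer's Certificate Request; check that both certificates come "
             "from the same CA and that 'ipsec auto --listcerts' shows the "
             "gateway certificate",
}

def strip_quoting(text):
    """Remove leading '> ' mail-quote markers from every line."""
    return re.sub(r"^(?:> ?)+", "", text, flags=re.M)

def failed_checks(log_text):
    """Return [(candidate_conn, [flags that were 0])] for rejected candidates."""
    results = []
    for m in REFINE.finditer(strip_quoting(log_text)):
        if m.group("match") == "0":
            failed = [k for k in ("id", "ca", "reqca") if m.group(k) == "0"]
            results.append((m.group("cand"), failed))
    return results

def report(log_text):
    """One human-readable line per failed check."""
    return [f"{conn}: {flag}=0 -> {HINTS[flag]}"
            for conn, failed in failed_checks(log_text) for flag in failed]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```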