[Openswan Users] Openswan 2.2 and Safenet Client

Andreas Steffen andreas.steffen at strongsec.net
Fri Nov 19 19:50:42 CET 2004


Hi Alexander

   reqca=0

means that your Openswan gateway does not possess a certificate
issued by the CA that the client is requesting by means of a
Certificate Request (CR) message. This failure could have two
reasons:

  - the SafeNet client's and the Openswan gateway's certificates
    were not issued by the same Certification Authority.

  - Openswan's certificate firewall2.pem was not successfully
    loaded. The command

       ipsec auto --listcerts

    should show the certificate. If this is not the case, look
    for error messages in the log file.

Regards

Andreas

Alexander Hellkuhl wrote:
> Hi,
> 
> I'm trying to connect with a Safenet Client to a Debian Router with
> Openswan 2.2 installed. The Client is not accepted. What does reqca=0 mean?
> 
> Regards Alexander
> 
> Nov 18 15:21:00 firewall pluto[2819]: | refine_connection: checking
> roadwarrior against roadwarrior, best=(none) with
> match=0(id=1/ca=1/reqca=0)
> Nov 18 15:21:00 firewall pluto[2819]: "roadwarrior"[1] xxx.xxx.xxx.xxx #1:
> no suitable connection for peer 'my at email.de'
> Nov 18 15:21:00 firewall pluto[2819]: "roadwarrior"[1] xxx.xxx.xxx.xxx #1:
> sending encrypted notification INVALID_ID_INFORMATION to
> xxx.xxx.xxx.xxx:500
> 
> 
> conn roadwarrior
>         authby=rsasig
>         left=%any
>         leftid=my at email.de
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
>         right=xxx.xxx.xxx.xxx
>         rightcert=firewall2.pem
>         auto=add
>         pfs=yes
>
=======================================================================
Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
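
Added example (not part of the original thread and not Openswan code): a small triage script that pulls the id/ca/reqca flags out of pluto's refine_connection debug lines, including excerpts that a mail client has quoted and wrapped as above, and reports which check failed. The reqca hint restates the reply above; the id and ca wording, the function names and the sample log are assumptions of this example.

```python
import re

# Only the reqca explanation comes from the reply in this thread;
# the id and ca descriptions are this example's assumptions.
HINTS = {
    "id": "peer ID did not match the connection's ID (assumed meaning)",
    "ca": "peer certificate's CA was not accepted (assumed meaning)",
    "reqca": "gateway has no certificate issued by the CA named in the "
             "peer's Certificate Request; check that both certificates "
             "come from the same CA and that 'ipsec auto --listcerts' "
             "shows the gateway certificate",
}

REFINE_RE = re.compile(
    r"refine_connection: checking (?P<conn>[^\s,]+) against (?P<cand>[^\s,]+), "
    r"best=\S+ with match=(?P<match>\d+)"
    r"\(id=(?P<id>\d+)/ca=(?P<ca>\d+)/reqca=(?P<reqca>\d+)\)"
)

def unwrap(text):
    """Drop mail quote markers and re-join lines wrapped by a mail client."""
    lines = (re.sub(r"^(>\s?)+", "", ln) for ln in text.splitlines())
    return re.sub(r"\s+", " ", " ".join(lines)).strip()

def failed_checks(text):
    """Return [(candidate_conn, [failed flag names])] for rejected candidates."""
    results = []
    for m in REFINE_RE.finditer(unwrap(text)):
        failed = [k for k in ("id", "ca", "reqca") if m.group(k) == "0"]
        if failed:
            results.append((m.group("cand"), failed))
    return results

# Constructed sample, modelled on the quoted and wrapped excerpt in this thread.
SAMPLE = """\
> Nov 18 15:21:00 firewall pluto[2819]: | refine_connection: checking
> roadwarrior against roadwarrior, best=(none) with
> match=0(id=1/ca=1/reqca=0)
> Nov 18 15:25:07 firewall pluto[2819]: | refine_connection: checking
> roadwarrior against roadwarrior, best=(none) with
> match=1(id=1/ca=1/reqca=1)
"""

if __name__ == "__main__":
    for conn, failed in failed_checks(SAMPLE):
        for flag in failed:
            print(f"{conn}: {flag}=0 -> {HINTS[flag]}")
```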

