[Openswan Users] Openswan 2.2 and Safenet Client

Alexander Hellkuhl openswan at axel-h.de
Fri Nov 19 20:35:36 CET 2004


Hi Andreas,

The certificate was not successfully loaded. But there was no error
message in the log?! With a new certificate it works now. Thanks a lot.

Regards Alexander

> Hi Alexander
>
>    reqca=0
>
> means that your Openswan gateway does not possess a certificate
> issued by the CA that the client is requesting by means of a
> Certificate Request (CR) message. This failure could have two
> reasons:
>
>   - the SafeNet client's and the Openswan gateway's certificates
>     were not issued by the same Certification Authority.
>
>   - the Openswan's certificate firewall2.pem was not successfully
>     loaded. The command
>
>        ipsec auto --listcerts
>
>     should show the certificate. If this is not the case, look
>     for error messages in the log file.
>
> Regards
>
> Andreas
>
> Alexander Hellkuhl wrote:
>> Hi,
>>
>> I'm trying to connect with a Safenet Client to a Debian Router with
>> Openswan 2.2 installed. The Client is not accepted. What means reqca=0 ?
>>
>> Regards Alexander
>>
>> Nov 18 15:21:00 firewall pluto[2819]: | refine_connection: checking
>> roadwarrior against roadwarrior, best=(none) with
>> match=0(id=1/ca=1/reqca=0)
>> Nov 18 15:21:00 firewall pluto[2819]: "roadwarrior"[1] xxx.xxx.xxx.xxx
>> #1:
>> no 5suitable connection for peer 'my at email.de'
>> Nov 18 15:21:00 firewall pluto[2819]: "roadwarrior"[1] xxx.xxx.xxx.xxx
>> #1:
>> sending encrypted notification INVALID_ID_INFORMATION to
>> xxx.xxx.xxx.xxx:500
>>
>>
>> conn roadwarrior
>>         authby=rsasig
>>         left=%any
>>         leftid=my at email.de
>>         leftrsasigkey=%cert
>>         rightrsasigkey=%cert
>>
> right=xxx.xxx.xxx.xxx
>>         rightcert=firewall2.pem
>>         auto=add
>>         pfs=yes
>>
> =======================================================================
> Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
> strongSec GmbH                    home:   http://www.strongsec.com
> Alter Zürichweg 20                phone:  +41 1 730 80 64
> CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
> ==========================================[strong internet security]===
>



More information about the Users mailing list