[Openswan Users] Openswan 2.2 and Safenet Client
Alexander Hellkuhl
openswan at axel-h.de
Fri Nov 19 20:35:36 CET 2004
Hi Andreas,
The certificate was not successfully loaded. But there was no error
message in the log?! With a new certificate it works now. Thanks a lot.
Regards Alexander
> Hi Alexander
>
> reqca=0
>
> means that your Openswan gateway does not possess a certificate
> issued by the CA that the client is requesting by means of a
> Certificate Request (CR) message. This failure could have two
> reasons:
>
> - the SafeNet client's and the Openswan gateway's certificates
> were not issued by the same Certification Authority.
>
> - the Openswan's certificate firewall2.pem was not successfully
> loaded. The command
>
> ipsec auto --listcerts
>
> should show the certificate. If this is not the case, look
> for error messages in the log file.
>
> Regards
>
> Andreas
>
> Alexander Hellkuhl wrote:
>> Hi,
>>
>> I'm trying to connect with a Safenet Client to a Debian Router with
>> Openswan 2.2 installed. The Client is not accepted. What means reqca=0 ?
>>
>> Regards Alexander
>>
>> Nov 18 15:21:00 firewall pluto[2819]: | refine_connection: checking
>> roadwarrior against roadwarrior, best=(none) with
>> match=0(id=1/ca=1/reqca=0)
>> Nov 18 15:21:00 firewall pluto[2819]: "roadwarrior"[1] xxx.xxx.xxx.xxx
>> #1:
>> no 5suitable connection for peer 'my at email.de'
>> Nov 18 15:21:00 firewall pluto[2819]: "roadwarrior"[1] xxx.xxx.xxx.xxx
>> #1:
>> sending encrypted notification INVALID_ID_INFORMATION to
>> xxx.xxx.xxx.xxx:500
>>
>>
>> conn roadwarrior
>> authby=rsasig
>> left=%any
>> leftid=my at email.de
>> leftrsasigkey=%cert
>> rightrsasigkey=%cert
>>
> right=xxx.xxx.xxx.xxx
>> rightcert=firewall2.pem
>> auto=add
>> pfs=yes
>>
> =======================================================================
> Andreas Steffen e-mail: andreas.steffen at strongsec.com
> strongSec GmbH home: http://www.strongsec.com
> Alter Zürichweg 20 phone: +41 1 730 80 64
> CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
> ==========================================[strong internet security]===
>
More information about the Users
mailing list