[Openswan Users] X.509 cert problem
Glenn MacGregor
gtm at highstreetnetworks.com
Thu Mar 31 15:07:04 CEST 2005
Hi All,
I have just upgraded from the RedHat 8 to RHEL 4 (2.4 -> 2.6 kernel). My
configuration was working on RH8 it no longer works with RHEL. It seems to bomb
out early in the checking of the certs.
I created a CA then made 2 requests, one for the server and one for the client,
then signed them and changed their names.
When I connect now in the log I get:
216.204.2.10 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, ST=Massachusetts,
L=Tewksbury, O=HighStreet Networks, CN=catamount'
Mar 31 13:49:34 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
deleting connection "roadwarrior-l2tp" instance with peer 216.204.2.10
{isakmp=#0/ipsec=#0}
Mar 31 13:49:34 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
I am sending my cert
Mar 31 13:49:34 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 31 13:49:34 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
sent MR3, ISAKMP SA established
Mar 31 13:49:35 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 31 13:49:36 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
cannot respond to IPsec SA request because no connection is known for
216.204.182.20[C=US, ST=Massachusetts, L=Tewksbury, O=HighStreet Networks,
CN=Glenn MacGregor, E=gtm at highstreetnetworks.com]:17/0...216.204.2.10[C=US,
ST=Massachusetts,
L=Tewksbury, O=HighStreet Networks, CN=catamount]:17/1701
Mar 31 13:49:36 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
sending encrypted notification INVALID_ID_INFORMATION to 216.204.2.10:500
The "cannot respond to IPsec SA..." line seem to be the offending issue. Did I
make the certs wrong? Is there something obvious here?
Thanks
Glenn
Glenn MacGregor
HighStreet Networks
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
More information about the Users
mailing list