[Openswan Users] X.509 cert problem

Glenn MacGregor gtm at highstreetnetworks.com
Thu Mar 31 15:07:04 CEST 2005


Hi All,

I have just upgraded from RedHat 8 to RHEL 4 (2.4 -> 2.6 kernel). My
configuration was working on RH8; it no longer works with RHEL. It seems to bomb
out early in the checking of the certs.

I created a CA then made 2 requests, one for the server and one for the client,
then signed them and changed their names.

When I connect now in the log I get:

216.204.2.10 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, ST=Massachusetts,
L=Tewksbury, O=HighStreet Networks, CN=catamount'
Mar 31 13:49:34 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
deleting connection "roadwarrior-l2tp" instance with peer 216.204.2.10
{isakmp=#0/ipsec=#0}
Mar 31 13:49:34 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
I am sending my cert
Mar 31 13:49:34 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 31 13:49:34 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
sent MR3, ISAKMP SA established
Mar 31 13:49:35 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 31 13:49:36 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
cannot respond to IPsec SA request because no connection is known for
216.204.182.20[C=US, ST=Massachusetts, L=Tewksbury, O=HighStreet Networks,
CN=Glenn MacGregor, E=gtm at highstreetnetworks.com]:17/0...216.204.2.10[C=US,
ST=Massachusetts,
L=Tewksbury, O=HighStreet Networks, CN=catamount]:17/1701
Mar 31 13:49:36 lab-xpress6 pluto[12874]: "roadwarrior-l2tp"[2] 216.204.2.10 #1:
sending encrypted notification INVALID_ID_INFORMATION to 216.204.2.10:500


The "cannot respond to IPsec SA..." line seems to be the offending issue. Did I
make the certs wrong? Is there something obvious here?


Thanks

Glenn

Glenn MacGregor
HighStreet Networks
