[Openswan Users] Signature check (on 172.22.67.104) failed (wrong key?); tried *AQOaBoHjT --- HELP
aheesh nagraj
aheesh at gmail.com
Tue Jan 10 12:51:14 CET 2006
Hi,
I am new to Openswan.
I have 2 Fedora 2.6 systems with openswan-2.3.1 installed.
When I try to create a connection between them, I get the following error:
============================================================================================================
Jan 10 12:39:02 aheesh_sys pluto[3787]: packet from 172.22.67.104:500: received Vendor ID payload [Openswan (this version) 2.3.1 X.509-1.5.4PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Jan 10 12:39:02 aheesh_sys pluto[3787]: packet from 172.22.67.104:500: received Vendor ID payload [Dead Peer Detection]
Jan 10 12:39:02 aheesh_sys pluto[3787]: "net-to-net" #97: responding to Main Mode
Jan 10 12:39:02 aheesh_sys pluto[3787]: "net-to-net" #97: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 10 12:39:02 aheesh_sys pluto[3787]: "net-to-net" #97: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 10 12:39:02 aheesh_sys pluto[3787]: "net-to-net" #97: Main mode peer ID is ID_IPV4_ADDR: '172.22.67.104'
Jan 10 12:39:02 aheesh_sys pluto[3787]: "net-to-net" #97: Signature check (on 172.22.67.104) failed (wrong key?); tried *AQOaBoHjT
Jan 10 12:39:02 aheesh_sys pluto[3787]: "net-to-net" #97: sending encrypted notification INVALID_KEY_INFORMATION to 172.22.67.104:500
Jan 10 12:39:02 aheesh_sys pluto[3787]: "net-to-net" #97: failed to build notification for spisize=0
Jan 10 12:39:04 aheesh_sys pluto[3787]: "net-to-net" #96: max number of retransmissions (2) reached STATE_MAIN_R2
+ _________________________ date
+ date
Tue Jan 10 12:39:11 IST 2006
============================================================================================================
I am using RSA for the connection setup.
============================================================================================================
ipsec auto --listall
000
000 List of Public Keys:
000
000 Jan 10 11:11:13 2006, 2192 RSA Key AQOaBoHjT, until --- -- --:--:-- ---- ok (expires never)
000        ID_IPV4_ADDR '172.22.67.104'
000 Jan 10 11:11:13 2006, 2192 RSA Key AQPf+LfnS, until --- -- --:--:-- ---- ok (expires never)
000        ID_IPV4_ADDR '172.22.65.226'
============================================================================================================
What am I doing wrong?
This is my ipsec.conf file:
============================================================================================================
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    interfaces=ipsec0=eth0

# Add connections here
conn net-to-net
    left=172.22.65.226 # Local vitals
    leftsubnet=172.22.65.226/24
    spi=0x200
    # leftid=@xy.example.com #
    #leftnexthop=%defaultroute # correct in many situations
    leftrsasigkey=0sAQPf+LfnS1brI1nyOB5/VkC4UKoDyJZogyWPugMOjJO7DnA6haD/GRC14t8HGXzPL8gJI0DnIl2y7TStT8SgB4bhOeVvetC2hnZc2vX0PrhYMBuc/rXLyGQXCnAezHXzDhD/a5Pc+SvP5OFX7qMiCsrt+6xAh7wAuDKURfra7iST9nD3MUv74Fq36p7fIvEwfT29zlJEnsSaVYhzuQlfW/VPpU6JN7Y4wQfVUgtgvd+jK3hhDa+1dtrwdv8748Zjm1VJmPBmpaWmRn1IZW3bpsTLgAwA0y9syOB7XiaTzKSGTOsliPFGTWoPrQD68SO6ogAXOUWxsLNqwmb6mCB7JgxdkLyYpCgCBaDqXykrV4bNUpS5
    right=172.22.67.104 # Remote vitals
    rightsubnet=172.22.67.104/24
    rightrsasigkey=0sAQOaBoHjTJl8TG3wr5vHcrMWWyYuNYhkZrF3wZ6pvpQUqRQiUySmNC/00ed9BnotkyMV+YFZUnNQrux17m7Lj1eYeFhhhmrbd6M2jBsxq9NQA07bwIEDhNrPDyj+QjQ+NMmSX90+98X3bkAjtEUAwcKCKf3gUHcy0JcZccs4oy6eT3UZtuxJUb4ZSaVGoygWNe6zyYuhRJdXShoQ4R2f6Fh7kADVsdbsQcyjctf3u0gVczc0f2lNHBMQ/uTgJANixXbmGdeUfPD3n/nxxUh4qoN3SAcea61EJ2a4FPMF5qSOmDTWlnAZm53sZ9Y35Ubdq1QgIh1/1cNP1QHhXhN+UoBBSFLm44Y04XcRJdS7qct8u3yh
    # rightid=@ab.example.com #
    #rightnexthop=%defaultroute # correct in many situations
    auto=add # authorizes but doesn't start this

include /etc/ipsec.d/examples/no_oe.conf
============================================================================================================
Aheesh
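
Added example (not part of the original post, and not Openswan code): in the output above, each key ID shown by `ipsec auto --listall` is the first nine base64 characters of the matching `leftrsasigkey`/`rightrsasigkey` value, so the `tried *AQOaBoHjT` in the log can be traced to a configured key and compared with the public key the peer reports for itself. The sketch assumes the RFC 2537/3110 key layout used by ipsec.conf; the function names, verdict strings and sample keys are constructed for illustration.

```python
import base64
import re

KEY_RE = re.compile(r"^\s*(left|right)rsasigkey\s*=\s*(0s\S+)", re.M)
TRIED_RE = re.compile(r"Signature check \(on (\S+)\) failed.*tried \*(\S+)")

def decode_rsasigkey(value):
    """Decode '0s' + base64 of an RFC 3110 blob: exponent length, exponent, modulus."""
    if not value.startswith("0s"):
        raise ValueError("expected a 0s-prefixed base64 key")
    b64 = value[2:]
    raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    if len(raw) < 3:
        raise ValueError("key too short")
    # One length byte, or 0x00 followed by a two-byte big-endian length.
    elen, off = (raw[0], 1) if raw[0] else (int.from_bytes(raw[1:3], "big"), 3)
    modulus = raw[off + elen:]
    if elen == 0 or not modulus:
        raise ValueError("truncated key")
    return {"keyid": b64[:9], "bits": len(modulus) * 8, "raw": raw,
            "exponent": int.from_bytes(raw[off:off + elen], "big")}

def diagnose(log_line, conf_text, peer_reported_key):
    """Compare the key pluto tried with the public key the peer reports as its own."""
    match = TRIED_RE.search(log_line)
    if not match:
        return "no-signature-failure"
    keys = {side: decode_rsasigkey(v) for side, v in KEY_RE.findall(conf_text)}
    tried = [k for k in keys.values() if k["keyid"] == match.group(2)]
    if not tried:
        return "tried-key-not-in-this-conf"
    if tried[0]["raw"] != decode_rsasigkey(peer_reported_key)["raw"]:
        return "configured-key-differs-from-peer"
    return "public-keys-match"

def make_key(modulus):
    """Constructed sample key: exponent 3 plus the given modulus bytes."""
    return "0s" + base64.b64encode(b"\x01\x03" + modulus).decode()

# Constructed sample data (not the keys from the post).
OLD_KEY = make_key(bytes([0x9A]) + bytes(range(1, 32)))
NEW_KEY = make_key(bytes([0xC5]) + bytes(range(32, 63)))
CONF = f"conn net-to-net\n\tleft=192.0.2.1\n\tright=192.0.2.2\n\trightrsasigkey={OLD_KEY}\n"
LOG = f'"net-to-net" #1: Signature check (on 192.0.2.2) failed (wrong key?); tried *{OLD_KEY[2:11]}'

if __name__ == "__main__":
    print(decode_rsasigkey(OLD_KEY)["keyid"], decode_rsasigkey(OLD_KEY)["bits"])
    print(diagnose(LOG, CONF, NEW_KEY))
```

Here `peer_reported_key` stands for the public key printed on the peer itself, for example by `ipsec showhostkey`. A `configured-key-differs-from-peer` verdict means the key configured for that peer on this host does not belong to the private key the peer signs with.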