[Openswan Users] INVALID_KEY_INFORMATION when bringing up my ipsec connection

Tim P panterafreak at gmail.com
Wed Jul 26 17:32:28 CEST 2006


My CA cert and CRL are in place, as are the certs for the remote host and my
client host.  This error is on the client host.  I am able to connect with
my Windows clients over L2TP/IPsec, so I should just be able to get an
IPsec-only connection using Openswan, correct?  I was following the guide at
http://www.natecarlson.com/linux/ipsec-x509.php#clientopenswan
From what I've seen of this error message, this seems like a certificate
error.

ERROR MSG:
[root at creepingdeath]# ipsec auto --up roadwarrior
104 "roadwarrior" #1: STATE_MAIN_I1: initiate
003 "roadwarrior" #1: ignoring unknown Vendor ID payload
[4f457a7d4646466667725f65]
003 "roadwarrior" #1: received Vendor ID payload [Dead Peer Detection]
003 "roadwarrior" #1: received Vendor ID payload [RFC 3947] method set
to=109
106 "roadwarrior" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "roadwarrior" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected
108 "roadwarrior" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "roadwarrior" #1: ignoring informational payload, type
INVALID_KEY_INFORMATION
003 "roadwarrior" #1: received and ignored informational message
003 "roadwarrior" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "roadwarrior" #1: STATE_MAIN_I3: retransmission; will wait 20s for
response
003 "roadwarrior" #1: ignoring informational payload, type
INVALID_KEY_INFORMATION
003 "roadwarrior" #1: received and ignored informational message
003 "roadwarrior" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "roadwarrior" #1: STATE_MAIN_I3: retransmission; will wait 40s for
response
003 "roadwarrior" #1: ignoring informational payload, type
INVALID_KEY_INFORMATION
003 "roadwarrior" #1: received and ignored informational message

IPSEC.CONF
# Client-side Openswan configuration, as posted with the question.
version 2.0     # conforms to second version of ipsec.conf specification

# Global settings for pluto and KLIPS.
config setup
        interfaces=%defaultroute
        nat_traversal=yes
        # NOTE(review): full KLIPS and pluto debugging is very verbose and may
        # record sensitive negotiation detail. Use it only while
        # troubleshooting, review logs before sharing them, and set both
        # back to "none" afterwards.
        klipsdebug=all
        plutodebug=all

# Defaults inherited by every conn below: RSA-signature authentication, with
# the public keys for both ends taken from X.509 certificates.
conn %default
        # A single negotiation attempt; no re-initiation after it fails.
        keyingtries=1
        compress=yes
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

# Variant of "roadwarrior" (pulled in through also=) that appears intended
# to reach the subnet behind the remote host as well.
conn roadwarrior-net
        # NOTE(review): "left=subnet=..." looks like a typo for
        # "leftsubnet=192.168.8.0/255.255.255.0"; as written, the string
        # "subnet=..." is assigned to left. Confirm against the guide. The
        # posted log is for "roadwarrior", so this is probably not the cause
        # of the error shown there.
        left=subnet=192.168.8.0/255.255.255.0
        also=roadwarrior

# Host-to-host tunnel: left is the remote gateway, right is this client.
# NOTE(review): INVALID_KEY_INFORMATION arrives as a notification from the
# peer, so the reason is normally recorded in the remote host's pluto log
# rather than here. Check there that the remote end can validate the client
# certificate (issuing CA, CRL, ID) - not confirmable from this page.
conn roadwarrior
        left=remotehost.dyndns.org
        leftcert=remotehost.pem
        right=%defaultroute
        rightcert=clienthost.pem
        # Loaded at startup but not initiated automatically; brought up by
        # hand with "ipsec auto --up roadwarrior".
        auto=add
        pfs=yes

# The conns from here to "packetdefault" are all set to auto=ignore. Their
# names match Openswan's opportunistic-encryption policy groups, which the
# include at the end also disables - presumably redundant; verify.
conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

IPSEC.SECRETS
# Passphrase for the client's RSA private key file (clienthost.key).
# NOTE(review): the passphrase is stored in clear text here, so ipsec.secrets
# should be readable by root only. "mysecret" is presumably a placeholder;
# redact the real value before posting this file anywhere.
: RSA clienthost.key "mysecret"