[Openswan Users] Re: openswan net to net configuration
Paul Wouters
paul at xelerance.com
Tue Mar 7 21:37:39 CET 2006
On Tue, 7 Mar 2006, Alain JUPIN wrote:
> 004 "sigma" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG
> cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
> 117 "sigma" #2: STATE_QUICK_I1: initiate
> 010 "sigma" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
> 010 "sigma" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
This is when the other end concluded the RSA key is wrong (in your earlier email).
> Mar 7 11:32:13 meissa pluto[12418]: "sigma" #1: multiple ipsec.secrets
> entries with distinct secrets match endpoints: first secret used
You have more than one RSA key in there and it is picking the wrong one?
This happens when you use two entries like ":RSA" where no specific identifier
is used with the particular RSA key. The easy way is to just have that one key
in there, and comment out the other. Run 'ipsec secrets' to reread the file.
Paul