[Openswan Users] Re: openswan net to net configuration

Paul Wouters paul at xelerance.com
Tue Mar 7 21:37:39 CET 2006


On Tue, 7 Mar 2006, Alain JUPIN wrote:

> 004 "sigma" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG
> cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
> 117 "sigma" #2: STATE_QUICK_I1: initiate
> 010 "sigma" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
> 010 "sigma" #2: STATE_QUICK_I1: retransmission; will wait 40s for response

This is when the other end concluded the rsa key is wrong (in your earlier email)

> Mar  7 11:32:13 meissa pluto[12418]: "sigma" #1: multiple ipsec.secrets
> entries with distinct secrets match endpoints: first secret used

You have more than one RSA key in there and it is picking the wrong one?
This happens when you use two entries like ":RSA" where no specific identifier
is used with the particular rsa key. Easy way is to just have that one key
in there, and comment out the other. Run 'ipsec secrets' to reread the file.

Paul

