[Openswan Users] Host Certificate
Paul Wouters
paul at xelerance.com
Thu May 11 17:36:31 CEST 2006
On Thu, 11 May 2006, Oliver Tomkins wrote:
> I should probably make this clearer.
>
> I don't think the certificate had actually expired. I noticed the date on the
> host's certificate was exactly 1 year old yesterday and made 2 + 2 = 5.
>
> No configuration changes were made to the ipsec machine yesterday but as of a
> certain point yesterday I started to see this in /var/log/secure for our non-NAT
> clients:
>
> max number of retransmissions (2) reached STATE_MAIN_I3. Possible
> authentication failure: no acceptable response to our first encrypted message
>
> Eventually the tunnels went down and they were unable to reconnect.
>
> Clients trying to reconnect afterwards failed with the messages below.
Seems like something expired. Check the certificate on the Windows machine via
the MMC, and run ipsec auto --listall to see if your CA cert and gateway cert
indeed did not expire.
Paul