[Openswan Users] INVALID_KEY_INFORMATION
Sasa
sasa at shoponweb.it
Thu Dec 6 07:14:07 EST 2007
Hi, sorry for my insistence..pheraps my problem is caused from parameter:
pfs=yes
?
Thanks.
------
Salvatore.
----- Original Message -----
From: "Sasa" <sasa at shoponweb.it>
To: <users at openswan.org>
Sent: Tuesday, December 04, 2007 5:17 PM
Subject: [Openswan Users] INVALID_KEY_INFORMATION
> Hi, I have a problema with site-to-site connection, on both side I have
> OpenSwan-2.4.9 with kernel-2.6 and the error message is:
>
> Dec 4 16:49:34 fw2 pluto[25925]: "romanapoli" #4: no RSA public key known
> for '89.97.246.xxx'; DNS search for KEY failed (no KEY record for
> xxx.246.97.89.in-addr.arpa.)
> Dec 4 16:49:34 fw2 pluto[25925]: "romanapoli" #4: sending encrypted
> notification INVALID_KEY_INFORMATION to 89.97.246.xxx:500
>
> ..and on the other side:
>
> Dec 4 16:46:38 fw1 pluto[30120]: "romanapoli" #1: STATE_MAIN_I3: sent
> MI3,
> expecting MR3
> Dec 4 16:46:39 fw1 pluto[30120]: "romanapoli" #1: ignoring informational
> payload, type INVALID_KEY_INFORMATION
>
> my ipsec.conf on the both side is:
>
> conn %default
> authby=rsasig
> esp=3des-md5
> conn romanapoli
> auto=start
> pfs=yes
> #sede left roma
> left=89.97.246.xxx
> leftsubnet=192.168.2.0/24
> leftnexthop=89.97.246.xxy
> # RSA 2192 bits fw1 Mon Oct 29 18:27:33 2007
> leftrsasigkey=0sAQPSu0oA
> #sede right napoli
> right=89.97.183.yyy
> rightsubnet=192.168.1.0/24
> rightnexthop=89.97.183.yyx
> # RSA 2192 bits fw2 Mon Nov 12 15:13:48 2007
> rightrsasigkey=0sAQPHufmnVkjP8
> include /etc/ipsec.d/examples/no_oe.conf
>
> ..where is my error ??
> Thanks.
>
> ------
>
> Salvatore.
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list