[Openswan Users] INVALID_KEY_INFORMATION

Sasa sasa at shoponweb.it
Thu Dec 6 11:22:55 EST 2007


Hi, I have solved problem, I have create again secret key and now it's all 
ok but pherpas my problem is caused form bad tab/space characters in 
ipsec.conf.
Thanks.

------

   Salvatore.


----- Original Message ----- 
From: "Sasa" <sasa at shoponweb.it>
To: <users at openswan.org>
Sent: Thursday, December 06, 2007 1:14 PM
Subject: Re: [Openswan Users] INVALID_KEY_INFORMATION


> Hi, sorry for my insistence..pheraps my problem is caused from parameter:
>
> pfs=yes
>
> ?
> Thanks.
>
> ------
>
>   Salvatore.
>
>
> ----- Original Message ----- 
> From: "Sasa" <sasa at shoponweb.it>
> To: <users at openswan.org>
> Sent: Tuesday, December 04, 2007 5:17 PM
> Subject: [Openswan Users] INVALID_KEY_INFORMATION
>
>
>> Hi, I have a problema with site-to-site connection, on both side I have
>> OpenSwan-2.4.9 with kernel-2.6 and the error message is:
>>
>> Dec  4 16:49:34 fw2 pluto[25925]: "romanapoli" #4: no RSA public key 
>> known
>> for '89.97.246.xxx'; DNS search for KEY failed (no KEY record for
>> xxx.246.97.89.in-addr.arpa.)
>> Dec  4 16:49:34 fw2 pluto[25925]: "romanapoli" #4: sending encrypted
>> notification INVALID_KEY_INFORMATION to 89.97.246.xxx:500
>>
>> ..and on the other side:
>>
>> Dec  4 16:46:38 fw1 pluto[30120]: "romanapoli" #1: STATE_MAIN_I3: sent
>> MI3,
>> expecting MR3
>> Dec  4 16:46:39 fw1 pluto[30120]: "romanapoli" #1: ignoring informational
>> payload, type INVALID_KEY_INFORMATION
>>
>> my ipsec.conf on the both side is:
>>
>> conn %default
>> authby=rsasig
>> esp=3des-md5
>> conn romanapoli
>> auto=start
>> pfs=yes
>> #sede left roma
>> left=89.97.246.xxx
>> leftsubnet=192.168.2.0/24
>> leftnexthop=89.97.246.xxy
>> # RSA 2192 bits   fw1   Mon Oct 29 18:27:33 2007
>> leftrsasigkey=0sAQPSu0oA
>> #sede right napoli
>> right=89.97.183.yyy
>> rightsubnet=192.168.1.0/24
>> rightnexthop=89.97.183.yyx
>> # RSA 2192 bits   fw2   Mon Nov 12 15:13:48 2007
>> rightrsasigkey=0sAQPHufmnVkjP8
>> include /etc/ipsec.d/examples/no_oe.conf
>>
>> ..where is my error ??
>> Thanks.
>>
>> ------
>>
>>   Salvatore.
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> 



More information about the Users mailing list