[Openswan Users] INVALID_CERTIFICAT
Marc Guyard
soukoussman at gmail.com
Tue Jan 2 04:14:52 EST 2007
Hi,
I've configured Openswan to connect to a Check Point from a Linux box with this
doc:
http://www.fw-1.de/aerasec/ng/vpn-freeswan/CP-FW1-NG+Linux-FreeSWAN-RoadWarrior.html
But I have this error in my logs when I start ipsec:
loading secrets from "/etc/ipsec/ipsec.secrets"
> loaded private key file '/etc/ipsec.d/private/freeswan-key.pem' (1103 bytes)
> "freeswan-checkpoint-x509-net" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
> "freeswan-checkpoint-x509-net" #1: starting keying attempt 2 of an unlimited number
> "freeswan-checkpoint-x509-net" #2: initiating Main Mode to replace #1
> "freeswan-checkpoint-x509-net" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> "freeswan-checkpoint-x509-net" #2: STATE_MAIN_I2: sent MI2, expecting MR2
> "freeswan-checkpoint-x509-net" #2: ignoring CERT_CRL certificate request payload
> "freeswan-checkpoint-x509-net" #2: I did not send a certificate because I do not have one.
> freeswan-checkpoint-x509-net" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> "freeswan-checkpoint-x509-net" #2: STATE_MAIN_I3: sent MI3, expecting MR3
> "freeswan-checkpoint-x509-net" #2: ignoring informational payload, type INVALID_CERTIFICATE
>
My ipsec.conf is this:
conn freeswan-checkpoint-x509-net
> # Right side is FreeS/WAN RoadWarrior
> rightrsasigkey=%cert
> right=%defaultroute
> rightid="/O=noc-jupiter..iu2ehn/OU=users/CN=test-marc"
> #rightcert=freeswan-cert.pem # As an alternative, the file itself can be specified
> # Left side is Check Point
> left=XX.XX.XX.XX
> leftsubnet=10.255.253.0/24
> leftcert=checkpoint-cert.pem
> leftrsasigkey=%cert
> #leftrsasigkey=0x0103...... # only needed for old FreeS/WAN
> leftid=XX.XX.XX.XX # Check Point VPN-1 send IP address as ID
> #leftid= # leave unset for old FreeS/WAN
> # config
> type=tunnel
> keyingtries=0
> disablearrivalcheck=no
> authby=rsasig
> auth=esp
> ike=3des-sha-modp1024
> esp=3des-sha1
> keyexchange=ike
> auto=start
> pfs=no
>
Can you please help me resolve my problem?
Thanks.
--
------------------------
SoukoussMan
SoukoussMan at gmail.com
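
A configuration check for the condition the log above reports, as an added example that is not part of the original post and is not Openswan code: it flags a conn side that sets `rsasigkey=%cert` with no matching `cert=` option and correlates that with pluto's "I did not send a certificate because I do not have one" message. The function names and both sample strings are constructed for this example, and it assumes the ipsec.conf layout shown in the post.

```python
import re

# Constructed input: the conn section from the post with the mail quoting removed.
SAMPLE_CONF = """\
conn freeswan-checkpoint-x509-net
    rightrsasigkey=%cert
    right=%defaultroute
    #rightcert=freeswan-cert.pem # As an alternative, the file itself can be specified
    left=XX.XX.XX.XX
    leftcert=checkpoint-cert.pem
    leftrsasigkey=%cert
    leftid=XX.XX.XX.XX # Check Point VPN-1 send IP address as ID
    authby=rsasig
"""
# Constructed input: one pluto log line from the post, re-joined onto a single line.
SAMPLE_LOG = ('"freeswan-checkpoint-x509-net" #2: I did not send a certificate '
              'because I do not have one.\n')

NO_CERT = re.compile(r'"([^"]+)" #\d+: I did not send a certificate because I do not have one')

def parse_conns(text):
    """Return {conn name: {option: value}}, skipping comments and blank lines."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r'(^|\s)#.*$', '', raw).strip()  # drop full-line and trailing comments
        if line.startswith('conn '):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and '=' in line:
            key, value = line.split('=', 1)
            current[key.strip()] = value.strip()
    return conns

def sides_missing_cert(conns):
    """List (conn, side) where <side>rsasigkey=%cert but no <side>cert is set."""
    return [(name, side) for name, opts in conns.items() for side in ('left', 'right')
            if opts.get(side + 'rsasigkey') == '%cert' and not opts.get(side + 'cert')]

def diagnose(conf_text, log_text):
    """Keep only the findings for conns that also logged the 'no certificate' message."""
    logged = set(NO_CERT.findall(log_text))
    return [f for f in sides_missing_cert(parse_conns(conf_text)) if f[0] in logged]

if __name__ == '__main__':
    for name, side in diagnose(SAMPLE_CONF, SAMPLE_LOG):
        print(f'{name}: {side}rsasigkey=%cert but {side}cert is not set')
```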