[Openswan Users] openswan to Instagate
Andy Gay
andy at andynet.net
Sat Jun 2 01:02:30 EDT 2007
On Fri, 2007-06-01 at 16:11 -0400, Peter McGill wrote:
> > /var/log/messages:Jun 1 11:59:29 secure ipsec__plutorun: 003
> > "/etc/ipsec.secrets" line 4: premature end of RSA key
>
> Looks like you have an error in your secrets file.
> If you only have this connection, then you secrets file should look like this:
>
> 207.61.yyy.yyy 72.55.xxx.xxx : PSK "secret"
>
But he said in the earlier post that his config has leftid=@yyyy,
rightid=@xxxx. I think that means you need an entry
@xxxx @yyyy : PSK "secret"
But then again, I suspect the left/rightid shouldn't be set that way, as
I mentioned before.
> This error repeats a number of times.
>
> > /var/log/secure:Jun 1 12:02:18 secure pluto[20251]:
> > "/etc/ipsec.secrets" line 4: premature end of RSA key
> > /var/log/secure:Jun 1 12:02:26 secure pluto[20251]:
> > "host-to-host" #1:
> > initiating Main Mode
> > /var/log/secure:Jun 1 12:02:26 secure pluto[20251]: packet from
> > 207.61.yyy.yyy:500: ignoring informational payload, type
> > NO_PROPOSAL_CHOSEN
>
> NO_PROPOSAL_CHOSEN indicates that the two sides cannot aggree on
> What encryption options to use. Ie) 3des-md5-modp1024, pfs
>
Maybe. I'm not sure it's even getting that far - it looks to me like the
peer is rejecting the initial contact. I don't think it knows who is
calling, because it doesn't recognize the ID.
More information about the Users
mailing list