[Openswan Users] no RSA public key
Salvatore
sasa at shoponweb.it
Mon Jun 25 11:26:12 EDT 2007
Hi, I have a problem with openswan-2.4.7 and a site-to-site connection, my
ipsec.conf is:
config setup
        interfaces="ipsec0=eth0"
conn %default
        esp=3des-md5
        rekey=no
conn afra-aquila
        auto=start
        authby=rsasig
        pfs=yes
        # left site
        left=82.104.xxx.xxx
        leftsubnet=172.16.0.0/24
        leftnexthop=82.104.xxx.xxy
        # RSA 2192 bits host122-bla.it Mon Jun 25 16:41:02 2007
        leftrsasigkey=0sAQOSd...
        # right site
        right=79.5.yyy.yyy
        rightsubnet=10.0.0.0/24
        rightnexthop=79.5.yyy.yyx
        # RSA 2192 bits host90bla.it Mon Jun 25 16:42:41 2007
        rightrsasigkey=0sAQOZ74bR....
...in the log file I have (on both sides):
Jun 25 17:04:28 fw1 pluto[8083]: "afra-aquila" #2: sending encrypted notification INVALID_KEY_INFORMATION to 79.5.yyy.yyy:500
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #1: starting keying attempt 2 of an unlimited number
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: initiating Main Mode to replace #1
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: received Vendor ID payload [Openswan (this version) 2.4.7 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: received Vendor ID payload [Dead Peer Detection]
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: STATE_MAIN_I2: sent MI2, expecting MR2
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: I did not send a certificate because I do not have one.
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jun 25 17:04:43 fw1 pluto[8083]: "afra-aquila" #3: STATE_MAIN_I3: sent MI3, expecting MR3
Jun 25 17:04:44 fw1 pluto[8083]: "afra-aquila" #3: ignoring informational payload, type INVALID_KEY_INFORMATION
Jun 25 17:04:44 fw1 pluto[8083]: "afra-aquila" #3: received and ignored informational message
Jun 25 17:04:53 fw1 pluto[8083]: "afra-aquila" #3: ignoring informational payload, type INVALID_KEY_INFORMATION
Jun 25 17:04:53 fw1 pluto[8083]: "afra-aquila" #3: received and ignored informational message
Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: Main mode peer ID is ID_IPV4_ADDR: '79.5.yyy.yyy'
Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: Main mode peer ID is ID_IPV4_ADDR: '79.5.yyy.yyy'
Jun 25 17:04:57 fw1 pluto[8083]: "afra-aquila" #2: no RSA public key known for '79.5.yyy.yyy'; DNS search for KEY failed (no KEY record for 79.5.yyy.yyy.in-addr.arpa.)
I have generated the keys in this way:
# ipsec newhostkey --hostname host90bla.it --output /etc/ipsec.secrets
Thanks.
------
Salvatore.
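A quick sanity check for the pasted keys, added here as an example that is not part of the post or of Openswan: the script decodes the 0s-prefixed values (base64 of an RFC 3110 RSA public key: exponent length, exponent, modulus) from each conn section of an ipsec.conf, reports the modulus size, and flags a missing, undecodable, truncated or duplicated key. The conn text and the 2192-bit left key are constructed; the short right key is the fragment shown in the post, used as a deliberately truncated input.

```python
import base64

def parse_rsasigkey(value):
    """Decode an Openswan 0s... key (RFC 3110 RSA public key blob).
    Returns (exponent, modulus_bits) or raises ValueError."""
    if not value.startswith("0s"):
        raise ValueError("missing or not a 0s base64 value")
    raw = base64.b64decode(value[2:], validate=True)  # rejects stray characters
    if len(raw) < 3 or raw[0] == 0:
        raise ValueError("blob too short or uses the long exponent-length form")
    elen = raw[0]  # one-byte exponent length, the form ipsec newhostkey emits
    exponent = int.from_bytes(raw[1:1 + elen], "big")
    modulus = raw[1 + elen:]
    if not modulus:
        raise ValueError("no modulus after the exponent")
    return exponent, int.from_bytes(modulus, "big").bit_length()

def conn_sections(conf_text):
    """Collect the key=value settings of each conn section of an ipsec.conf."""
    conns, current = {}, None
    for line in conf_text.splitlines():
        body = line.split("#", 1)[0].rstrip()
        if body and not line[0].isspace():  # unindented line: section header
            words = body.split()
            current = conns.setdefault(words[1], {}) if words[0] == "conn" else None
        elif current is not None and "=" in body:
            key, val = body.strip().split("=", 1)
            current[key.strip()] = val.strip()
    return conns

def check_conn(conn, min_bits=2048):
    """Return the raw-RSA problems found in one conn (empty list = looks sane)."""
    problems = []
    for side in ("left", "right"):
        try:
            _, bits = parse_rsasigkey(conn.get(side + "rsasigkey", ""))
        except ValueError as err:
            problems.append(f"{side}rsasigkey unusable: {err}")
            continue
        if bits < min_bits:
            problems.append(f"{side}rsasigkey modulus is only {bits} bits (truncated paste?)")
    if conn.get("leftrsasigkey") and conn.get("leftrsasigkey") == conn.get("rightrsasigkey"):
        problems.append("left and right keys are identical")
    return problems

# Constructed input: exponent 3 with a fake 2192-bit modulus (NOT a real key),
# plus the truncated right-hand fragment as it appears in the post.
FAKE_MODULUS = (1 << 2191) | 5
SAMPLE_KEY = "0s" + base64.b64encode(bytes([1, 3]) + FAKE_MODULUS.to_bytes(274, "big")).decode()
SAMPLE_CONF = f"conn afra-aquila\n\tauthby=rsasig\n\tleftrsasigkey={SAMPLE_KEY}\n\trightrsasigkey=0sAQOZ74bR\n"
```

Run check_conn on each section returned by conn_sections; a key whose modulus comes out far smaller than the "RSA 2192 bits" comment above it was not copied whole.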