[Openswan Users] openswan 2.4.9 run on ARM error ?
李正光
xjklee at gmail.com
Thu Sep 27 21:29:57 EDT 2007
2007/9/27, Paul Wouters <paul at xelerance.com>:
>
> On Thu, 27 Sep 2007, ??? wrote:
>
> > The server log is :
> >
> ---------------------------------------------------------------------------------------------------------------
> > 2007-09-06 16:20:50 system info 00536 IKE<**.30.115.**>
> > Phase 1: Negotiations have failed for user
> > <CN=IPSEC,OU=Support,O=Dawningtech,L=Taipei,ST=Taiwan,C=TW>.
> > 2007-09-06 16:20:50 system info 00536 IKE<**.30.115.**>
> > Phase 1: No private key exists to sign packets.
> > 2007-09-06 16:20:44 system info 00536 IKE<**.30.115.**>
> > Phase 1: Responder starts MAIN mode negotiations.
>
> So it looks like an issue on that device then, not on openswan?
>
> > conn net-to-net
> > authby=rsasig
> > compress=yes
> > esp=3DES-SHA1-96
> > left=%defaultroute
> > leftsubnet=192.168.1.0/24
> > leftnexthop=%defaultroute
> > leftcert=/etc/ipsec.d/mycert2.pem
> > leftrsasigkey=%cert
> > right=**.**.**.**
> > rightid="@SSG550.sti.com.tw"
>
> Looks like the SSG550.sti.com.tw end has no private key loaded?
> Or openswan is using a different CA then the other end?
> Or you are not using a CA, in which case you should load the right
> cert manually?
>
>
> Paul
>
the same openswan version and the certificate/key is the same as I put them
on the x86 linux environment. And it run correctly! the same config file and
CA key file.
,I don't know is there any other lib... that I should copy to the embedded
machine.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070928/d96c0264/attachment.html
More information about the Users
mailing list