[Openswan Users] Unable to establish connection using certificates

Paul Wouters paul at xelerance.com
Wed Apr 29 17:12:46 EDT 2009


On Wed, 29 Apr 2009, Robyn Orosz wrote:

> I have 2 Openswan devices that I'm attempting to establish a tunnel

Not sure why you are using aggressive mode here.....

> Here's the message I'm seeing on the server side:

> 192.168.103.8 #2: initial Aggressive Mode packet claiming to be from
> C=ES, ST=Tarifa, L=Cadiz, O=Test, CN=vyatta-2, E=test at test.com on
> 192.168.103.8 but no connection has been authorized
> Apr 29 20:12:37 vyattatar pluto[10906]: | complete state transition with

Is this an older version of openswan? Some aggressive mode fixes
were made in the last year. Try without aggressive mode on both
sides.

Ensure both connections loaded fine using ipsec auto --add connname

Use ipsec auto --listall to confirm CAcert, cert and private key
loaded okay.

Paul


More information about the Users mailing list