[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure
Avesh Agarwal
avagarwa at redhat.com
Wed Jul 8 17:58:59 EDT 2009
Greg Scott wrote:
> Still not out of the woods. After replacing my old key with the new key
> on all my remote sites, everyone's /var/log/secure file is going nuts with
> these errors:
>
> Jul 8 16:50:00 SF-fw2 pluto[27192]: "SFalls-Everywhere" #12: Signature
> check (on @hq.local) failed (wrong key?); tried *AQPgHGxjC
> Jul 8 16:50:00 SF-fw2 pluto[27192]: "SFalls-Everywhere" #12: sending
> encrypted notification INVALID_KEY_INFORMATION to 66.173.42.146:500
> Jul 8 16:50:10 SF-fw2 pluto[27192]: "SFalls-Everywhere" #12: Main mode
> peer ID is ID_FQDN: '@hq.local'
> Jul 8 16:50:10 SF-fw2 pluto[27192]: "SFalls-Everywhere" #12: Signature
> check (on @hq.local) failed (wrong key?); tried *AQPgHGxjC
> Jul 8 16:50:10 SF-fw2 pluto[27192]: "SFalls-Everywhere" #12: sending
> encrypted notification INVALID_KEY_INFORMATION to 66.173.42.146:500
>
> - Greg
>
I think you did not create the "nsspassword" file in "/etc/ipsec.d" and
put the NSS database password in this file. Do that and try again.
The password provided in the "nsspassword" file is read by pluto so that
it can authenticate to the NSS database.
Avesh
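
A check for the file the reply refers to, as an added example that is not part of the original post or of Openswan: it confirms that /etc/ipsec.d/nsspassword exists, is non-empty, and is not accessible to group or other, since it holds the NSS database password in plain text. The function name and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check the NSS password file that pluto reads.
# The default path is the one named in the reply; the function name and
# return codes are assumptions of this example.
#
# Usage (as root on each gateway): check_nsspassword [FILE]
# Returns: 0 = usable and private, 1 = missing or unusable,
#          2 = present but accessible to group/other
check_nsspassword() {
    f=${1:-/etc/ipsec.d/nsspassword}

    if [ -L "$f" ]; then
        echo "FAIL: $f is a symlink; expected a regular file"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f does not exist"
        return 1
    fi
    if [ ! -s "$f" ]; then
        echo "FAIL: $f is empty"
        return 1
    fi
    # Any group/other permission bit exposes the plaintext password.
    loose=$(find "$f" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
                               -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "WARN: $f is accessible to group/other; run: chmod 600 $f"
        return 2
    fi
    echo "OK: $f exists, is non-empty and is private to its owner"
    return 0
}
```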