[Openswan Users] trying to connect OpenSWAN 2.6.19 to a Netgear FVS338

Marcos Hacker mfhacker at hotmail.com
Fri May 15 14:09:29 EDT 2009



I am trying to establish a connection between an OepnSWAN 2.6.19 client and a Netgear FVS338 VPN firewall using certificates. I have my CA cert loaded on the Netgear, as well as a self signed certificate generated from a cerficate request on the Netgear. On the OpenSWAN side I have the CA cert loaded, and a corresponding client cert & private key. When I try to establish a connection from OpenSWAN to the Netgear, I get the following: 

sh-2.05b# ipsec whack --initiate --asynchronous --name vpn_tunnel
pluto[2513]: "vpn_tunnel" #1: initiating Main Mode
002 "vpn_tunnel" #1: initiating Main Mode
104 "vpn_tunnel" #1: STATE_MAIN_I1: initiate
sh-2.05b# pluto[2513]: "vpn_tunnel" #1: ignoring unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
pluto[2513]: "vpn_tunnel" #1: ignoring Vendor ID payload [KAME/racoon]
pluto[2513]: "vpn_tunnel" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
pluto[2513]: "vpn_tunnel" #1: STATE_MAIN_I2: sent MI2, expecting MR2
pluto[2513]: "vpn_tunnel" #1: ignoring Vendor ID payload [KAME/racoon]
pluto[2513]: "vpn_tunnel" #1: I am sending my cert
pluto[2513]: "vpn_tunnel" #1: I am sending a certificate request
pluto[2513]: "vpn_tunnel" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
pluto[2513]: "vpn_tunnel" #1: STATE_MAIN_I3: sent MI3, expecting MR3
pluto[2513]: "vpn_tunnel" #1: Main mode peer ID is ID_IPV4_ADDR: '130.168.1.2'
pluto[2513]: "vpn_tunnel" #1: no crl from issuer "C=US, ST=Florida, O=Corp, OU=CommGroup, CN=Device" found (strict=no)
pluto[2513]: "vpn_tunnel" #1: no RSA public key known for '130.168.1.2'
pluto[2513]: "vpn_tunnel" #1: sending encrypted notification INVALID_KEY_INFORMATION to 130.168.1.2:500


I am not sure why I see an error for "no RSA public key". The client cert I have loaded on openSWAN contains a public key. Any help is appreciated! 

marcos


_________________________________________________________________
Windows Live™: Keep your life in sync.
http://windowslive.com/explore?ocid=TXT_TAGLM_BR_life_in_synch_052009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090515/1c25726c/attachment.html 


More information about the Users mailing list