[Openswan Users] openswan + certificates + xl2tpd + no suitable connection error
Adam Sienkiewicz
adamsienkiewicz78 at gmail.com
Wed Dec 8 13:09:52 EST 2010
I have changed the ipsec.conf file as you requested - the result is the same.
Here is the output of the ipsec auto --listall command:
root at slack13:/etc/ipsec.d/private# ipsec auto --listall
000
000 List of Public Keys:
000
000 Dec 08 18:59:19 2010, 1024 RSA Key AwEAAc+Lo (no private key), until Nov 22 07:59:02 2020 ok
000        ID_DER_ASN1_DN 'C=PL, ST=cos, O=name1, OU=it, CN=vpntest, E=myname at wp.pl'
000        Issuer 'C=PL, ST=cos, L=Cieszyn, O=name1, OU=it, CN=myCA, E=myname at wp.pl'
000 Dec 08 18:59:05 2010, 1024 RSA Key AwEAAZ+GM (has private key), until Nov 22 07:59:39 2020 ok
000        ID_DER_ASN1_DN 'C=PL, ST=cos, O=name1, OU=it, CN=vpntest, E=myname at wp.pl'
000        Issuer 'C=PL, ST=cos, L=Cieszyn, O=name1, OU=it, CN=myCA, E=myname at wp.pl'
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000     8: RSA (none) (none)
000
000 List of X.509 End Certificates:
000
000 Dec 08 18:59:05 2010, count: 2
000        subject:  'C=PL, ST=cos, O=name1, OU=it, CN=vpntest, E=myname at wp.pl'
000        issuer:   'C=PL, ST=cos, L=Cieszyn, O=name1, OU=it, CN=myCA, E=myname at wp.pl'
000        serial:    01
000        pubkey:    1024 RSA Key AwEAAZ+GM, has private key
000        validity:  not before Nov 25 07:59:39 2010 ok
000                   not after  Nov 22 07:59:39 2020 ok
000        subjkey:   37:ac:a2:ad:31:e3:10:87:2b:f7:b8:cf:f0:7c:45:bc:c4:ec:4e:d2
000        authkey:   86:97:50:1d:68:c8:0e:6a:0e:dc:61:ba:c2:12:9e:2d:98:1f:d3:6e
000        aserial:   00:83:ff:d4:5e:b1:28:2c:ae
000
000 List of X.509 CA Certificates:
000
000 Dec 08 18:59:05 2010, count: 1
000        subject:  'C=PL, ST=cos, L=Cieszyn, O=name1, OU=it, CN=myCA, E=myname at wp.pl'
000        issuer:   'C=PL, ST=cos, L=Cieszyn, O=name1, OU=it, CN=myCA, E=myname at wp.pl'
000        serial:    00:83:ff:d4:5e:b1:28:2c:ae
000        pubkey:    1024 RSA Key AwEAAaOTD
000        validity:  not before Nov 25 07:59:02 2010 ok
000                   not after  Nov 22 07:59:02 2020 ok
000        subjkey:   86:97:50:1d:68:c8:0e:6a:0e:dc:61:ba:c2:12:9e:2d:98:1f:d3:6e
000        authkey:   86:97:50:1d:68:c8:0e:6a:0e:dc:61:ba:c2:12:9e:2d:98:1f:d3:6e
000        aserial:   00:83:ff:d4:5e:b1:28:2c:ae
000
000 List of X.509 CRLs:
000
000 Dec 08 18:59:05 2010, revoked certs: 0
This keypair is used for testing only - after this I will destroy it.
2010/12/8 Paul Wouters <paul at xelerance.com>

> On Wed, 8 Dec 2010, Adam Sienkiewicz wrote:
>
>> right=%any
>> rightca=%same
>>
>
> try rightca=%any (assuming you trust any loaded CA anyways)
>
>
>> rightid=%fromcert
>> rightrsasigkey=%cert
>> # Using the magic port of "0" means "any one single port". This is
>> # a workaround required for Apple OSX clients that use a randomly
>> # high port, but propose "0" instead of their port. If that does
>> # not work, try 17/%any
>> rightprotoport=17/0
>>
>
> use 17/%any
>
>
>> Dec 7 13:28:58 slack13 pluto[26544]: loading secrets from "/etc/ipsec.secrets"
>> Dec 7 13:28:58 slack13 pluto[26544]: loaded private key file '/etc/ipsec.d/private/vpntest.key' (887 bytes)
>> Dec 7 13:28:58 slack13 pluto[26544]: | 30 82 02 5b 02 01 00 02 81 81 00 9f 86 33 38 df
>> Dec 7 13:28:58 slack13 pluto[26544]: | 00 08 12 eb 92 b6 6a 4f 91 b5 5e 17 4f 23 e0 ae
>>
>
> Please destroy this keypair, it seems you added "crypt" to plutodebug= so
> it got posted for everyone to copy.
>
>
>> Dec 7 13:34:15 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: no suitable connection for peer 'C=PL, ST=cos, O=name1, OU=it, CN=mycert, E=myname at wp.pl'
>> Dec 7 13:34:15 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: sending encrypted notification INVALID_ID_INFORMATION to 131.207.xx.xx:59780
>>
>
> what does ipsec auto --listall say after this?
>
> Paul
>
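Added example (editor's note, not the poster's ipsec.conf nor a file shipped with Openswan): an ipsec.conf for the L2TP/IPsec-with-certificates setup discussed in this thread that applies both of Paul's suggestions at once, rightca=%any and rightprotoport=17/%any, and that does not enable the "crypt" debug class, which is what dumped the raw private-key bytes into the pluto log quoted above. The conn name l2tp-X.509, the key file /etc/ipsec.d/private/vpntest.key and the certificate name vpntest are taken from the log and the --listall output; the server address 192.0.2.1, the certificate file name vpntest.pem and the choice of the NETKEY stack are assumptions for illustration.

```ini
# /etc/ipsec.conf -- added example, not the original poster's file.
# Assumptions: the server's certificate is /etc/ipsec.d/certs/vpntest.pem,
# its key is /etc/ipsec.d/private/vpntest.key (referenced from ipsec.secrets),
# and the server's public address is 192.0.2.1 (placeholder).
version 2.0

config setup
    # Windows and OS X L2TP clients are almost always behind NAT.
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
    protostack=netkey
    # Do NOT set plutodebug=crypt (or =all) on anything but a throwaway lab
    # box: that class logs raw key material, which is how the private key
    # above ended up on a public mailing list. "control" is enough to see
    # why pluto picks or rejects a connection for a peer.
    plutodebug=control

conn l2tp-X.509
    authby=rsasig
    type=transport
    # L2TP/IPsec clients from Microsoft and Apple do not do PFS or rekeying
    # the way Openswan expects, so these match the usual L2TP examples.
    pfs=no
    rekey=no
    keyingtries=3
    left=192.0.2.1
    leftcert=vpntest.pem
    leftrsasigkey=%cert
    leftid=%fromcert
    # L2TP runs over UDP/1701 on the server side.
    leftprotoport=17/1701
    right=%any
    rightrsasigkey=%cert
    rightid=%fromcert
    # Accept a client certificate issued by any CA loaded from
    # /etc/ipsec.d/cacerts, instead of rightca=%same, which insists the
    # client's cert comes from the same CA as our own certificate.
    rightca=%any
    # Clients propose a random high source port (or port 0), so match any
    # UDP port rather than 17/0.
    rightprotoport=17/%any
    auto=add
```

For the private key to be picked up, /etc/ipsec.secrets needs a line of the form `: RSA vpntest.key` (plus the passphrase in quotes if the key is encrypted); the `RSA (none) (none)` entry under "List of Pre-shared secrets" in the --listall output above is what a loaded RSA secret looks like. After editing, `ipsec auto --replace l2tp-X.509` reloads just that conn, and `ipsec auto --listall` should show the client's CA under "List of X.509 CA Certificates" before the client is expected to match.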