[Openswan Users] query

neeraj goyal 007.neeraj at gmail.com
Wed Feb 17 05:20:44 EST 2010


Hi...

Thanks for replying, Paul. It's not working. I have added rightid=%fromcert
and leftid=%fromcert on both machines. Now it's showing an error.

104 "sample1" #1: STATE_MAIN_I1: initiate
003 "sample1" #1: received Vendor ID payload [Openswan (this version) 2.6.23 ]
003 "sample1" #1: received Vendor ID payload [Dead Peer Detection]
003 "sample1" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "sample1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sample1" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
108 "sample1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sample1" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
003 "sample1" #1: received and ignored informational message

I have tried all combinations:
1. By specifying both leftid=%fromcert and rightid=%fromcert on both machines
2. By specifying only rightid=%fromcert at 238 machine and only
leftid=%fromcert at 139 machine.

It gives the same error in both cases, which is mentioned above.

I have also tried by specifying leftid=@east (east is the cn (common name)
of eastCert.pem) and rightid=@west (where west is the cn (common name) of
westCert.pem). In this case it gives the error

104 "sample1" #1: STATE_MAIN_I1: initiate
003 "sample1" #1: received Vendor ID payload [Openswan (this version) 2.6.23 ]
003 "sample1" #1: received Vendor ID payload [Dead Peer Detection]
003 "sample1" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "sample1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sample1" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
108 "sample1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sample1" #1: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
003 "sample1" #1: received and ignored informational message

But if I place both certificates on both machines and specify their
corresponding parameters (specifying rightcert at 238 machine and leftcert at
139 machine) in the ipsec.conf file, then I am able to build up the connection.

On Tue, Feb 16, 2010 at 9:04 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Tue, 16 Feb 2010, neeraj goyal wrote:
>
>> conn sample1
>>
>>         left=192.168.103.238
>>         leftsendcert=always
>>         leftrsasigkey=%cert
>>         right=192.168.103.139
>>         rightcert=/etc/ipsec.d/certs/westCert.pem
>>         rightsendcert=always
>>         rightrsasigkey=%cert
>>         auto=add
>>
>> Similarly, I have placed the westCert.pem in /etc/ipsec.d/certs in
>> 192.168.103.139 machine. Now I am not able to
>> connect the ipsec between two. It shows (while trying to up the connection
>> using ipsec auto --up sample1)
>>
>> 003 "sample1" #2: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
>>
>
> Add rightid=%fromcert
>
> Paul
>



-- 
Regards

Neeraj Goyal