[Openswan Users] WG: Connection Problem
Peter Siegel
PeterS at 4ahead.com
Wed Apr 20 15:36:58 EDT 2011
Thank you,
I changed it to PSK now and I found the error with the RSA key, and after fixing the = typo it worked.
Peter
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Wednesday, 20 April 2011 18:57
To: Peter Siegel
Cc: users at openswan.org
Subject: Re: [Openswan Users] Connection Problem
On Wed, 20 Apr 2011, Peter Siegel wrote:
> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: unrecognized key format: PKS
> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: unrecognized key format: PKS
See man ipsec.secrets. The keyword is PSK, not PKS.
> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets"
> line 4: premature end of RSA key
It appears you have a broken RSA key configured. Likely you manually killed what you thought were "hanging" processes on first start when openswan attempts to build a new rsa key. Or you rebooted while these were running. Remove the partial RSA key.
> Apr 20 08:16:10 firewall pluto[6163]: "Digital" #1: max number of
> retransmissions (20) reached STATE_MAIN_I1. No response (or no
> acceptable response) to our first IKE message
This could be a firewall issue, or a misconfiguration issue.
> Apr 20 07:38:09 firewall pluto[11528]: packet from 195.112.212.10:500:
> initial Main Mode message received on 84.189.122.2:500 but no
> connection has been authorized
This seems to indicate a misconfiguration. Your pasted config matches on both ends (except a weird "=" symbol which I hope was an email error).
On the server side, try: ipsec auto --add Digital and see if it shows any error.
Paul
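
The two `/etc/ipsec.secrets` errors discussed in this thread (a misspelled key-type keyword and an RSA block that was never closed) can be caught before pluto is restarted. The following is an added example, not part of the original messages or of Openswan. The accepted keyword set, the column-1 rule for new entries, and the sample file contents are assumptions made for illustration.

```python
import difflib
import re

# Assumption: key-type tokens accepted after the ":" separator. Check
# `man ipsec.secrets` for the set your Openswan version supports.
KNOWN_TYPES = ("PSK", "RSA", "XAUTH")
ENTRY = re.compile(r"(?:^|\s):\s+(\S+)")  # "<ids> : TYPE ..." or ": TYPE ..."

def lint_secrets(text):
    """Return [(line_no, message)] for problems found in ipsec.secrets text."""
    findings = []
    rsa_start = None  # line where a still-open "RSA {" block began
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if rsa_start is not None:
            if "}" in line:
                rsa_start = None
                continue
            if line[0].isspace():
                continue  # indented continuation line of the key body
            # A new entry began in column 1 before the block was closed.
            findings.append((rsa_start, "premature end of RSA key"))
            rsa_start = None
        if line.startswith("include "):
            continue
        m = ENTRY.search(line)
        if not m:
            findings.append((no, "no ': TYPE' separator found"))
            continue
        token = m.group(1)
        if token not in KNOWN_TYPES:
            hint = difflib.get_close_matches(token, KNOWN_TYPES, n=1)
            msg = f"unrecognized key format: {token}"
            findings.append((no, msg + (f" (did you mean {hint[0]}?)" if hint else "")))
        elif token == "RSA" and "{" in line and "}" not in line:
            rsa_start = no
    if rsa_start is not None:
        findings.append((rsa_start, "premature end of RSA key"))
    return findings

# Constructed sample, not the poster's file: two misspelled keywords and an
# RSA block cut off before its closing brace.
SAMPLE = '''192.0.2.1 198.51.100.1 : PKS "constructed-secret"
198.51.100.1 : PKS "constructed-secret"
: RSA {
    # RSA 2048 bits, constructed fragment
    Modulus: 0x00c0ffee
'''
```

The checker reports the line where an unclosed RSA block starts, which may differ from the line number pluto prints for the same problem.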