[Openswan Users] nss DH woes

Richard Pickett richard.pickett at csrtechnologies.com
Sun Jul 24 23:30:04 EDT 2011


Still plunking around trying to get certs to work on openswan. Got them
imported into nss just fine, and it reports in the log that it loads them
correctly.

But when the first client connects, here's what hits the logs (notice the
last line):

Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: received Vendor ID payload [RFC 3947] method set to=109
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: received Vendor ID payload [Dead Peer Detection]
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: ignoring unknown Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: ignoring unknown Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: ignoring unknown Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
Jul 24 22:26:44 vhost5 pluto[6039]: packet from 74.137.71.67:42600: received Vendor ID payload [Cisco-Unity]
Jul 24 22:26:44 vhost5 pluto[6039]: "mobileaegisclient"[1] 74.137.71.67 #1: responding to Main Mode from unknown peer 74.137.71.67
Jul 24 22:26:44 vhost5 pluto[6039]: "mobileaegisclient"[1] 74.137.71.67 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 24 22:26:44 vhost5 pluto[6039]: "mobileaegisclient"[1] 74.137.71.67 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jul 24 22:26:45 vhost5 pluto[6039]: "mobileaegisclient"[1] 74.137.71.67 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Jul 24 22:26:45 vhost5 pluto[6039]: NSS: DH private key creation failed

What would cause the NSS DH private key creation to fail? Is this a client
config issue or server side?

Thanks for all your help!