[Openswan Users] Openswan on Ubuntu: we cannot identify ourselves with either end of this connection

satpal parmar systems.satpal at gmail.com
Mon Sep 26 03:36:18 EDT 2011


Oops! Skipping breakfast was a bad idea. I mistakenly edited my local
ipsec.config (I am sshing into the other two Linux machines from a third Red Hat
machine). After moving to the right machine and the right config file I am able to
move ahead, but I am getting two different error messages when I --up the
ipsec connection:

Ubuntu (192.168.101.1): signature check (192.168.101.2 ) failed(wrong key)
tried AQ-----
Red hat machine(192.168.101.2): Can't find the private key from the NSS CERT
(err -12285)

Now I am not sure which side is the culprit, or if both errors are genuine. Any
pointers?

-SP

On Mon, Sep 26, 2011 at 8:50 AM, satpal parmar <systems.satpal at gmail.com> wrote:

> Hi All
>
> I am testing ipsec host-to-host communication. Things went fine when I was
> running with pre-shared keys and I was able to build a tunnel. I concluded
> this means Pluto is running fine, my kernel/pluto config is ok and things
> are running in sync.
>
> However, when I switched to RSA, things are not working as smoothly. I found
> my ipsec.secrets key empty on the Ubuntu side. When I tried to run ipsec
> newhostkey --output /etc/ipsec.secrets I got a '--confdir required' error
> message. I tried to create a new NSS database using certutil, which
> failed complaining 'could not authenticate token 'NSS certification DB',
> which I am not sure I understood.
>
> Finally I was able to create keys using: --configdir /etc/pki/nssdb.
>
> Now I have an RSA sig in ipsec.secrets on both sides and a minimal config
> (leftip,leftsidesig, rightip,rightsidesig), but when I up the connection I
> get 'we cannot identify ourselves with either end of this connection' on
> the Ubuntu side and a retransmission failure message on the Red Hat side (which
> I think is ok, as the Ubuntu side failed to respond).
>
> I am looking for a minimal checklist to confirm my setup/conf is right. I
> find error messages from Openswan config and setup are not very explicit, and for
> every error message I have to google and filter a lot of old and new config
> data. Though I am currently focused on running RSA in one go, I will try to
> document all the issues I got and how I resolved them and post it here someday.
>
> I request you to share your latest tryst with running Openswan on any
> Linux distro. Last but not least, do let me know how to debug/proceed
> from the 'we cannot identify ourselves with either end of this connection'
> situation.
>
> Thanks in advance.
>
> -SP
>
> ===============================================================
> My Setup:
>
> Ubuntu 10 / Openswan 2.6.23  <--------------------------------> Red Hat 5
> / Openswan 2.6.21
>
>