[Openswan Users] Problem with authentication at tunnel startup
Testuser SST
fatcharly at gmx.de
Wed Aug 15 10:38:00 EDT 2012
is there a way to ensure that the system is using NSS ?
-------- Original-Nachricht --------
> Datum: Wed, 15 Aug 2012 10:05:25 -0400
> Von: Leto <letoams at gmail.com>
> An: "fatcharly at gmx.de" <fatcharly at gmx.de>
> Betreff: Re: [Openswan Users] Problem with authentication at tunnel startup
> you probably are using nss now? import the cert/key in nss. there is an
> NSS.readme
>
> On the road...
>
> On 2012-08-15, at 7:49, fatcharly at gmx.de wrote:
>
> > Hi,
> >
> > I´m using a openswan-2.6.32-3.el5 on a CentOS 5.8. When I try to
> initiate a tunnel with our partner I get some error messages. The full log can be
> found at http://pastebin.com/9fU9JADG . I found this error in the logfile:
> >
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: initiating
> Main Mode
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: ignoring
> unknown Vendor ID payload [4f454e7c454d716b5f4d6c67]
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: received
> Vendor ID payload [Dead Peer Detection]
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: transition
> from state STATE_MAIN_I1 to state STATE_MAIN_I2
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: STATE_MAIN_I2:
> sent MI2, expecting MR2
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: unable to
> locate my private key for RSA Signature
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: sending
> notification AUTHENTICATION_FAILED to 194.113.XXX.XX:500
> >
> >
> > this is my configuration:
> >
> > version 2.0 # conforms to second version of ipsec.conf specification
> >
> > # --------------------------------------------------------------
> > # Basis Konfiguration
> > # --------------------------------------------------------------
> > config setup
> > interfaces=%defaultroute
> > klipsdebug=all
> > klipsdebug=none
> > plutodebug=all
> > plutodebug=none
> > forwardcontrol=yes
> > #
> > protostack=netkey
> > # ---------------------------------------------------------------
> > # Serverkonfiguration
> > # ---------------------------------------------------------------
> >
> > conn %default
> > keyingtries=1
> > keylife=3600s
> > left=62.109.XX.X
> > leftnexthop=62.109.XX.X
> > auto=start
> >
> > include /etc/ipsec.d/examples/no_oe.conf
> >
> > #conn winlogic
> > conn XXX_xxx_test
> > authby=rsasig
> > leftrsasigkey=%cert
> > leftcert=/etc/zertifikate/fscert.pem
> > leftid="C=DE, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX,
> E=vpn at XXXXXX.XX"
> > leftsubnet=192.168.XXX.XX/24
> > rightrsasigkey=%cert
> > right=194.113.XXX.XX
> > rightid=@ipsect1.XXXXX.xx
> > rightsubnet=192.168.XXX.X/24
> > rightnexthop=194.113.XXX.XX
> >
> >
> >
> >
> > This tunnel has worked a few years ago.
> >
> > Any suggestions are welcome.
> >
> > Kind regards
> >
> > fatcharly
> > _______________________________________________
> > Users at lists.openswan.org
> > https://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list