[Openswan Users] Problem with authentication at tunnel startup

Testuser SST fatcharly at gmx.de
Wed Aug 15 10:38:00 EDT 2012


Is there a way to ensure that the system is using NSS?

-------- Original Message --------
> Date: Wed, 15 Aug 2012 10:05:25 -0400
> From: Leto <letoams at gmail.com>
> To: "fatcharly at gmx.de" <fatcharly at gmx.de>
> Subject: Re: [Openswan Users] Problem with authentication at tunnel startup

> You probably are using NSS now? Import the cert/key in NSS. There is an
> NSS.readme
> 
> On the road...
> 
> On 2012-08-15, at 7:49, fatcharly at gmx.de wrote:
> 
> > Hi,
> > 
> > I'm using an openswan-2.6.32-3.el5 on a CentOS 5.8. When I try to
> > initiate a tunnel with our partner I get some error messages. The full log can be
> > found at http://pastebin.com/9fU9JADG . I found this error in the logfile:
> > 
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: initiating Main Mode
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: ignoring unknown Vendor ID payload [4f454e7c454d716b5f4d6c67]
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: received Vendor ID payload [Dead Peer Detection]
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: unable to locate my private key for RSA Signature
> > Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: sending notification AUTHENTICATION_FAILED to 194.113.XXX.XX:500
> > 
> > 
> > this is my configuration:
> > 
> > version 2.0     # conforms to second version of ipsec.conf specification
> > 
> > # --------------------------------------------------------------
> > # Basic configuration
> > # --------------------------------------------------------------
> > config setup
> >        interfaces=%defaultroute
> >        klipsdebug=all
> >        klipsdebug=none
> >        plutodebug=all
> >        plutodebug=none
> >        forwardcontrol=yes
> > #
> >        protostack=netkey
> > # ---------------------------------------------------------------
> > # Server configuration
> > # ---------------------------------------------------------------
> > 
> > conn %default
> >        keyingtries=1
> >        keylife=3600s
> >        left=62.109.XX.X
> >        leftnexthop=62.109.XX.X
> >        auto=start
> > 
> > include /etc/ipsec.d/examples/no_oe.conf
> > 
> > #conn winlogic
> > conn XXX_xxx_test
> >        authby=rsasig
> >        leftrsasigkey=%cert
> >        leftcert=/etc/zertifikate/fscert.pem
> >        leftid="C=DE, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, E=vpn at XXXXXX.XX"
> >        leftsubnet=192.168.XXX.XX/24
> >        rightrsasigkey=%cert
> >        right=194.113.XXX.XX
> >        rightid=@ipsect1.XXXXX.xx
> >        rightsubnet=192.168.XXX.X/24
> >        rightnexthop=194.113.XXX.XX
> > 
> > 
> > 
> > 
> > This tunnel worked a few years ago.
> > 
> > Any suggestions are welcome.
> > 
> > Kind regards
> > 
> > fatcharly
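
Added example, not part of the original thread and not Openswan code: a Python log triage that reads pluto lines like those quoted above and reports every AUTHENTICATION_FAILED notification pluto sent, together with the last IKE state reached and whether a local private-key lookup error preceded it. The function name `triage`, the result field names, and the final log entry (`other_conn`, 192.0.2.10) are constructed for illustration.

```python
import re

# Log lines copied from the post above (wrapped lines rejoined), plus one
# constructed entry for a hypothetical connection "other_conn" (192.0.2.10).
SAMPLE_LOG = '''\
Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: initiating Main Mode
Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: unable to locate my private key for RSA Signature
Aug 15 11:50:04 pilotswan pluto[8077]: "XXX_xxx_test" #1: sending notification AUTHENTICATION_FAILED to 194.113.XXX.XX:500
Aug 15 11:50:09 pilotswan pluto[8077]: "other_conn" #2: sending notification AUTHENTICATION_FAILED to 192.0.2.10:500
'''

LINE_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE_RE = re.compile(r"transition from state (\S+) to state (\S+)")
NOTIFY_RE = re.compile(r"sending notification (\S+) to (\S+)")
KEY_ERROR = "unable to locate my private key"


def triage(log_text):
    """Return one finding per AUTHENTICATION_FAILED notification pluto sent."""
    last_state = {}      # (conn, sa) -> most recent IKE state reached
    key_missing = set()  # (conn, sa) pairs that logged a private-key lookup error
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        key, msg = (m["conn"], int(m["sa"])), m["msg"]
        transition = STATE_RE.search(msg)
        notify = NOTIFY_RE.search(msg)
        if transition:
            last_state[key] = transition.group(2)
        elif KEY_ERROR in msg:
            key_missing.add(key)
        elif notify and notify.group(1) == "AUTHENTICATION_FAILED":
            findings.append({
                "conn": key[0],
                "sa": key[1],
                "state": last_state.get(key, "unknown"),
                "peer": notify.group(2),
                # True: pluto could not find its own private key before
                # giving up, so the fault is in the local key store.
                "local_key_missing": key in key_missing,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```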

