[Openswan Users] Problem: no RSA public key known for - Problem on CentOS 5

fatcharly at gmx.de fatcharly at gmx.de
Thu Jan 28 05:26:14 EST 2016


Hi,

we are using an openswan-2.6.32-9/CentOS 5 for quite a few years without any problems. But after a change on our x509-based VPN-connection (all others are PSK, system got compiled without the support for fipscheck and nssdb) we ran into a problem. We sent our VPN-Partner a new csr and he sent us back the certificate and the ca-file. But whenever we try to connect to our partner-side, we receive the following error:

#1047: no RSA public key known for '@customer-tunnel-2015.customer-xxx.de'

this is our configuration:
conn customer
        left=62.xxx.xxx.xxx
        leftsubnet=192.168.170.0/24
        leftnexthop=62.xxx.xxx.xxx
        leftid="C=DE, ST=Town, L=Land, O=Organisation, OU=Organisastion, CN=vpn hostname"
        leftrsasigkey=%cert
        leftcert=hostname-cert_2016.pem
        right=82.xxx.xxx.xxx
        rightsubnet=192.168.180.0/24
        rightnexthop=82.xxx.xxx.xxx
        rightid=@customer-tunnel-2015.customer-xxx.de
        rightrsasigkey=%cert
        authby=rsasig
        auto=start
        type=tunnel
        ikelifetime=28800s
        keylife=28800s
        ike=3des-md5-modp1536
        esp=3des-md5
        pfs=yes

If I understand this error message right, then there is a problem with the cacert which we use to verify the remote station?

Any suggestions are welcome.


Kind regards

fatcharly