On Sun, Apr 01, 2012 at 08:13:25PM +0530, Girish Venkatachalam wrote: > Dear all, > SNIP > If it matters in any manner at all, my ipsec.conf is > > #ike passive esp from $localnet to $remotenet peer $remoteip \ > main auth hmac-sha1 enc 3des group modp1536 \ > quick auth hmac-sha1 enc 3des group none psk <removed> > > Do you want isakmpd.conf too? I got one from some site. > > Here is the phase 1 auth reject message I get. > > 201238.986501 Default attribute_unacceptable: AUTHENTICATION_METHOD: > got PRE_SHARED, expected RSA_SIG > 201238.986523 Default attribute_unacceptable: AUTHENTICATION_METHOD: > got PRE_SHARED, expected RSA_SIG > 201238.986547 Default attribute_unacceptable: AUTHENTICATION_METHOD: > got PRE_SHARED, expected RSA_SIG > 201238.986557 Default messag >
It says that you are trying to authenticate using a PRE_SHARED (pre-defined password) while it was expecting a RSA_SIG (either a X509 certificate or a RSA/DSA/ECSDA key). > Any pointers are much appreciated. > > Thanks to all. > > -Girish Fix your authentication method to match both ends and it should work.
