Hi all,
We have a VPN Gateway to allow "road warriors" to securely access our
network from anywhere (home, WLAN). It runs OpenBSD 3.7 and the "clients"
are WinXPSP2 machines using the built-in IPSec. Authentication is done
with X.509 certificates which are distributed as PKCS#12 files.
This has been running fine for over a year now.
Some days ago I had to reinstall a client because of a disk problem, and
I cannot get IPSec to work anymore.
isakmpd keeps reporting:
rsa_sig_decode_hash: RSA_public_decrypt () failed
dropped message from 134.102.176.91 port 500 due to notification type
INVALID_ID_INFORMATION
The other clients are still working fine. I have been double checking
the config files (which I did not change) and created new certificates
more than once, but cannot find anything.
My question:
What requirements must be met so that the certificate can be decrypted?
Which public key is used? Is it sent along with the certificate?
I can post my config and logfiles if required.
Thanks for your help,
Heinrich
--
Heinrich Rebehn
University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -
Phone : +49/421/218-4664
Fax : -3341