Using leftid=%fromcert did not help.
I tried digging into the logs but I can't find the root cause.
How can I troubleshoot PKI based authentication?
Thanks
Noam Singer
*Co-founder and *
*CSO *
*FortyCloud Ltd.*
Cell:+972 54 242 1064
Fax:+972 72 215 2980
Email: n...@fortycloud.com
Hello
I am trying to set an IPSec connection with certificates (same CA for both
certs), but my connection does not pass the STATE_MAIN_I3 state.
Is there a way to better troubleshoot the PKI failures
Am I doing something wrong?
I would appreciate any help.
Thanks in advance
I have setup
Hello everyone,
A quick question about this family of ciphers
Does the null at the end mean that packets are not authenticated?
Thanks
___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
Thank you all for all your help
My hunch is that the failure relates to subjectAltName
I'll be taking all comments into account and update you as soon as I have
something working
Thank you all
Noam Singer
On Tue, Feb 2, 2016 at 9:07 AM, Tuomo Soini <t...@foobar.fi> wrote:
>
Hello group,
I just installed LibreSwan 3.17 on a fresh machine
I tried creating a public-key using the following basic script
echo "" > /tmp/nsspassword
rm -f /etc/ipsec.secrets
certutil -N -d /etc/ipsec.d -f /tmp/nsspassword
ipsec newhostkey --output /etc/ipsec.secrets
Hello everyone,
I am using LibreSwan 3.16 and connecting several machines in different AWS
regions.
On one machine, one of the connections repeatedly fails with the following
error. The connection was OK a couple of days ago, but started failing last
week
All other connections in that machine are
| crypto helper 0: pcw_work:
197
Dec 29 14:28:15 ip-172-31-16-203 pluto[2294]: | asking crypto helper 0 to
do build nonce; request ID 200 (len=2776, pcw_work=197)
I would appreciate your thoughts on this issue
Thanks in advance
Noam Singer
sudo ipsec newhostkey --output /etc/ipsec.secrets --nssdir /etc/ipsec.d
--seeddev /dev/urandom --bits 2192
Still, the keys are not placed in /etc/ipsec.secrets. Only when running the
command "ipsec newhostkey --output /etc/ipsec.secrets", they do.
Thanks for all your help.
Noam Singer