This failed for me last night. testing/pluto/ikev2-x509-02-eku/OUTPUT/west.console.diff
+002 "ikev2-westnet-eastnet-x509-cr" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED testing/pluto/ikev2-x509-02-eku/OUTPUT/east.pluto.log | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, [email protected]' "ikev2-westnet-eastnet-x509-cr" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, [email protected]' | verifying AUTH payload | #1 spent 1.66 milliseconds | required RSA CA is '%any' | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, [email protected]' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libres! | checking RSA keyid '[email protected]' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, [email protected]' | checking RSA keyid '@east.testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, [email protected]' | checking RSA keyid '[email protected]' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, [email protected]' | checking RSA keyid '192.1.2.23' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, [email protected]' "ikev2-westnet-eastnet-x509-cr" #1: no RSA public key known for 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, [email protected]' | #1 spent 0.446 milliseconds in ikev2_verify_rsa_hash() "ikev2-westnet-eastnet-x509-cr" #1: RSA authentication of I2 Auth Payload failed "ikev2-westnet-eastnet-x509-cr" #1: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification AUTHENTICATION_FAILED This looks importan. What's up? _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
