On Sun, 18 Feb 2018, klwilson...@comcast.net wrote:

Paul, I tried running the attached reset script to reconfigure the environment.
Hopefully there is absolutely no ambiguity in what I am attempting to do or use 
in my configuration. I also attached the host_to_host.conf file that results 
from the script showing the final state.

I checked it and it looks fine. It should work. Are you at least on 3.21
to ensure it works without any ipsec.secrets entries?

Your email regarding the left/right rsasigkey was a bit confusing. I believe 
these are right the way I have them.

Yes, it is.

However, I am still running into the same problems. I have attached the conf 
file as well.

003 "host-to-host" #5: unable to locate my private key for RSA Signatures
224 "host-to-host" #5:  STATE_MAIN_I2: AUTHENTICATION_FAILED
002 "host-to-host" #5: sending notification AUTHENTICATION_FAILED to

The only thing I can think of at this point is that your libreswan
version requires the ipsec.secrets entry. Change the newhostkey
command to: ipsec newhostkey --output /etc/ipsec.secrets
(it will overwrite the existing file)

If that doesn't solve it, maybe disable whatever security mechanisms
might be in play? FIPS? SELinux? AppArmor?
