Hi Paul, I'm still having trouble and could really use some help. Do these errors mean anything?
Oct 10 21:21:33.289300: | #5 in state PARENT_I2: sent v2I2, expected v2R2 Oct 10 21:21:33.289303: | Unpacking clear payload for svm: Initiator: process INVALID_SYNTAX AUTH notification Oct 10 21:21:33.289306: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 10 21:21:33.289309: | serialno table: hash serialno #4 to head 0x56548f76ccc0 Oct 10 21:21:33.289312: | serialno table: hash serialno #4 to head 0x56548f76ccc0 Oct 10 21:21:33.289330: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 10 21:21:33.289334: | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification Oct 10 21:21:33.289337: | Now let's proceed with state specific processing Oct 10 21:21:33.289339: | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification Oct 10 21:21:33.289343: "oriontun" #5: IKE SA authentication request rejected: AUTHENTICATION_FAILED Googling any of these errors/warnings generally only reveal the lines themselves from the source code. How do I find out what exactly was the invalid syntax? Thanks, Alex On Mon, Oct 8, 2018 at 10:37 PM Alex <[email protected]> wrote: > > I don't understand this error: > > Oct 8 22:30:01.939114: "oriontun" #3: IKEv2 mode peer ID is ID_FQDN: > '@arcade-orion' > Oct 8 22:30:01.939222: "oriontun" #3: Signature check (on > @arcade-orion) failed (wrong key?); tried *AwEAAePbb > Oct 8 22:30:01.939234: "oriontun" #3: Digital Signature authentication failed > Oct 8 22:30:01.939262: "oriontun" #3: responding to AUTH message (ID > 1) from 107.155.66.2:500 with encrypted notification > AUTHENTICATION_FAILED > > This is from the left host, orion. The key that it tried is the pub > key from the right host, arcade. Why would it fail a signature check? > > It seems to indicate that it's the wrong key, but that's the public > key from the keypair generated on the other side. It passes on the > other side: > > # ipsec showhostkey --right --rsaid AwEAAePbb > # rsakey AwEAAePbb > rightrsasigkey=0sAwEAAePbbigzEO59FKqpM3frTLK4yry7xtEJN2J+A8rrb2e5reVu28IawJ/IOROx7XeGJkOz0bMX6zUF+ojYz0OPfJWpNfMBdl92NTU6/epO0h9/slKgn2G4hVK6bb1UOrcfo... > > I have worked on this all day and all night for more than three days > and just have no idea why it's failing here. _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
