unsubscribe

On Thu, Oct 11, 2018 at 5:29 AM Alex <[email protected]> wrote:
> Hi Paul, I'm still having trouble and could really use some help. Do
> these errors mean anything?
>
> Oct 10 21:21:33.289300: | #5 in state PARENT_I2: sent v2I2, expected v2R2
> Oct 10 21:21:33.289303: | Unpacking clear payload for svm: Initiator:
> process INVALID_SYNTAX AUTH notification
> Oct 10 21:21:33.289306: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
> Oct 10 21:21:33.289309: | serialno table: hash serialno #4 to head
> 0x56548f76ccc0
> Oct 10 21:21:33.289312: | serialno table: hash serialno #4 to head
> 0x56548f76ccc0
> Oct 10 21:21:33.289330: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
> Oct 10 21:21:33.289334: | selected state microcode Initiator: process
> AUTHENTICATION_FAILED AUTH notification
> Oct 10 21:21:33.289337: | Now let's proceed with state specific processing
> Oct 10 21:21:33.289339: | calling processor Initiator: process
> AUTHENTICATION_FAILED AUTH notification
> Oct 10 21:21:33.289343: "oriontun" #5: IKE SA authentication request
> rejected: AUTHENTICATION_FAILED
>
> Googling any of these errors/warnings generally only reveals the lines
> themselves from the source code. How do I find out what exactly was
> the invalid syntax?
>
> Thanks,
> Alex
>
> On Mon, Oct 8, 2018 at 10:37 PM Alex <[email protected]> wrote:
> >
> > I don't understand this error:
> >
> > Oct 8 22:30:01.939114: "oriontun" #3: IKEv2 mode peer ID is ID_FQDN:
> > '@arcade-orion'
> > Oct 8 22:30:01.939222: "oriontun" #3: Signature check (on
> > @arcade-orion) failed (wrong key?); tried *AwEAAePbb
> > Oct 8 22:30:01.939234: "oriontun" #3: Digital Signature authentication failed
> > Oct 8 22:30:01.939262: "oriontun" #3: responding to AUTH message (ID
> > 1) from 107.155.66.2:500 with encrypted notification
> > AUTHENTICATION_FAILED
> >
> > This is from the left host, orion. The key that it tried is the pub
> > key from the right host, arcade. Why would it fail a signature check?
> >
> > It seems to indicate that it's the wrong key, but that's the public
> > key from the keypair generated on the other side. It passes on the
> > other side:
> >
> > # ipsec showhostkey --right --rsaid AwEAAePbb
> > # rsakey AwEAAePbb
> > rightrsasigkey=0sAwEAAePbbigzEO59FKqpM3frTLK4yry7xtEJN2J+A8rrb2e5reVu28IawJ/IOROx7XeGJkOz0bMX6zUF+ojYz0OPfJWpNfMBdl92NTU6/epO0h9/slKgn2G4hVK6bb1UOrcfo...
> >
> > I have worked on this all day and all night for more than three days
> > and just have no idea why it's failing here.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
