just missed to attach the config files

On Wed, Apr 15, 2020 at 9:06 PM Madhan Raj <[email protected]> wrote:

> Hi Paul and others,
>
> version: -libreswan-3.25-4.1.el7.x86_64
>
> I have the attached my policy details.
>
> in the logs it keeps rejecting my connection.
> Apr 16 06:05:09.608383: loading secrets from "/etc/ipsec.secrets"
> Apr 16 06:05:09.608414: no secrets filename matched "/etc/ipsec.d/secrets/71807379470.secrets"
> Apr 16 06:05:09.608440: no secrets filename matched "/etc/ipsec.d/secrets/71807379470.secrets"
> Apr 16 06:05:09.608774: "71807379470_x509" #1: initiating Main Mode
> Apr 16 06:05:09.612050: "71807379470_x509" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> Apr 16 06:05:09.619711: "71807379470_x509" #1: I am sending my cert
> Apr 16 06:05:09.619743: "71807379470_x509" #1: I am sending a certificate request
> Apr 16 06:05:09.625368: "71807379470_x509" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> Apr 16 06:05:09.641313: "71807379470_x509" #1: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=i, L=i, O=i, OU=i, CN=cucm-142'
> Apr 16 06:05:09.641847: "71807379470_x509" #1: X509: no EE-cert in chain!
> Apr 16 06:05:09.641884: "71807379470_x509" #1:* X509: Certificate rejected for this connection*
> Apr 16 06:05:09.641927: "71807379470_x509" #1: X509: CERT payload bogus or revoked
> Apr 16 06:05:09.641969: "71807379470_x509" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.77.137.142:500
> Apr 16 06:05:09.642991: "71807379470_x509" #1: received PAYLOAD_MALFORMED
> Apr 16 06:05:10.119659: "71807379470_x509" #1: STATE_MAIN_I3: retransmission; will wait 0.5 seconds for response
> Apr 16 06:05:10.158984: "71807379470_x509" #1: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=i, L=i, O=i, OU=i, CN=cucm-142'
> Apr 16 06:05:10.159367: "71807379470_x509" #1: X509: no EE-cert in chain!
> Apr 16 06:05:10.159403: "71807379470_x509" #1: X509: Certificate rejected for this connection
> Apr 16 06:05:10.159426: "71807379470_x509" #1: X509: CERT payload bogus or revoked
> Apr 16 06:05:10.159465: "71807379470_x509" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.77.137.142:500
> Apr 16 06:05:10.160542: "71807379470_x509" #1: received PAYLOAD_MALFORMED
> Apr 16 06:05:10.621130: "71807379470_x509" #1: STATE_MAIN_I3: retransmission; will wait 1 seconds for response
> Apr 16 06:05:10.623819: "71807379470_x509" #1: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=i, L=i, O=i, OU=i, CN=cucm-142'
> Apr 16 06:05:10.624153: "71807379470_x509" #1: X509: no EE-cert in chain!
> Apr 16 06:05:10.624187: "71807379470_x509" #1: X509: Certificate rejected for this connection
> Apr 16 06:05:10.624208: "71807379470_x509" #1: X509: CERT payload bogus or revoked
> Apr 16 06:05:10.624245: "71807379470_x509" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.77.137.142:500
> Apr 16 06:05:11.623533: "71807379470_x509" #1: STATE_MAIN_I3: retransmission; will wait 2 seconds for response
> Apr 16 06:05:13.624146: "71807379470_x509" #1: STATE_MAIN_I3: retransmission; will wait 4 seconds for response
> Apr 16 06:05:17.624964: "71807379470_x509" #1: STATE_MAIN_I3: retransmission; will wait 8 seconds for response
> Apr 16 06:05:25.632808: "71807379470_x509" #1: STATE_MAIN_I3: retransmission; will wait 16 seconds for response
> Apr 16 06:05:25.634157: packet from 10.77.137.142:500: phase 1 message is part of an unknown exchange
> Apr 16 06:05:27.903516: "71807379470_x509" #1: Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA
> Apr 16 06:05:37.526420: "71807379470_x509" #1: next payload type of ISAKMP Hash Payload has an unknown value: 202 (0xca)
> Apr 16 06:05:37.526464: "71807379470_x509" #1: malformed payload in packet
>
>
> by end server certificate
>
> *Certificate*:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             21:00:00:00:06:f3:f5:a4:46:60:5d:83:b2:00:00:00:00:00:06
>         Signature Algorithm: sha256WithRSAEncryption
>         Issuer: DC=internal, DC=CAPLAB, CN=CAPLAB-BLDR-DEV-201-CA-1
>         Validity
>             Not Before: Apr 14 02:18:57 2020 GMT
>             Not After : Apr 14 02:28:57 2022 GMT
>         Subject: C=IN, ST=i, L=i, O=i, OU=i, CN=cucm-142
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (2048 bit)
>                 Modulus:
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Extended Key Usage:
>                 TLS Web Server Authentication, TLS Web Client Authentication, IPSec End System
>             X509v3 Key Usage: critical
>                 Digital Signature, Certificate Sign, CRL Sign
>             X509v3 Subject Key Identifier:
>                 A4:8B:F6:FE:A2:86:7D:A9:2B:D2:73:8A:40:5A:A0:6E:B2:47:6F:5B
>             X509v3 Authority Key Identifier:
>                 keyid:15:2B:6B:1C:78:C9:49:28:8A:F0:2A:83:6A:A4:B4:93:C8:E4:64:96
>
>             X509v3 CRL Distribution Points:
>
>                 Full Name:
>                   URI:ldap:///CN=CAPLAB-BLDR-DEV-201-CA-1,CN=bldr-dev-201,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=CAPLAB,DC=internal?certificateRevocationList?base?objectClass=cRLDistributionPoint
>
>             Authority Information Access:
>                 CA Issuers - URI:ldap:///CN=CAPLAB-BLDR-DEV-201-CA-1,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=CAPLAB,DC=internal?cACertificate?base?objectClass=certificationAuthority
>
>             1.3.6.1.4.1.311.20.2:
>                 .
>                 .S.u.b.C.A
>             X509v3 Basic Constraints: critical
>                 CA:TRUE
>     Signature Algorithm: sha256WithRSAEncryption
>
> Can you please help me out here ?
>
> Thanks,
> Madhan
>
71807379470.conf
Description: Binary data
ipsec.conf
Description: Binary data
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
