The error message : 15[IKE] received AUTHENTICATION_FAILED notify error
means that the authentication failed on the remote side. Please check the logs of the peer. Andreas On 02/24/2011 06:25 PM, Gary Smith wrote: >>> I think I'm a little confused as to where the keys need to go. Do I >>> need to export the cert (without key) and dump it into >>> /etc/ipsec.d/certs and export the key separately and dump it into >>> /etc/ipsec.d/private? >>> >> Yes, this is correct! >> > > Andreas, > > So I exported the cert/key separately and now ipsec certlists shows that the > private key is included. The now when I run the ipsec up connname it appears > to be doing the negotiation but dies with the error listed below: > > parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] > received AUTHENTICATION_FAILED notify error > > Feb 24 08:52:47 hslinvpn01 charon: 14[IKE] establishing CHILD_SA fre-lin > > Feb 24 08:52:47 hslinvpn01 charon: 14[IKE] establishing CHILD_SA fre-lin > > Feb 24 08:52:47 hslinvpn01 charon: 14[ENC] generating IKE_AUTH request 1 [ > IDi IDr AUTH SA TSi TSr N(EAP_ONLY) ] > > Feb 24 08:52:47 hslinvpn01 charon: 14[NET] sending packet: from > > Feb 24 08:52:47 hslinvpn01 charon: 15[NET] received packet: from > > Feb 24 08:52:47 hslinvpn01 charon: 15[ENC] parsed IKE_AUTH response 1 [ > N(AUTH_FAILED) ] > > Feb 24 08:52:47 hslinvpn01 charon: 15[IKE] received AUTHENTICATION_FAILED > notify error > > Feb 24 08:52:54 hslinvpn01 charon: 10[CFG] received stroke: terminate > 'fre-lin' > > Feb 24 08:52:54 hslinvpn01 charon: 10[CFG] no IKE_SA named 'fre-lin' found -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
