Hi, I am trying to form a tunnel using RSA authentication in Strongswan with CISCO as peer, but I am getting the below error message.
Aug 22 12:03:34 uxcasxxx charon: 08[CFG] selected peer config 'site-site'
Aug 22 12:03:34 uxcasxxx charon: 08[CFG] using certificate "C=IN, O=CAS"
Aug 22 12:03:34 uxcasxxx charon: 08[CFG] using trusted ca certificate "C=IN, ST=TN, L=CH, O=CAS, [email protected]"
Aug 22 12:03:34 uxcasxxx charon: 08[CFG] checking certificate status of "C=IN, O=CAS"
Aug 22 12:03:34 uxcasxxx charon: 08[CFG] certificate status is not available
Aug 22 12:03:34 uxcasxxx charon: 08[CFG] reached self-signed root ca with a path length of 0
*Aug 22 12:03:34 uxcasxxx charon: 08[LIB] expected hash algorithm HASH_SHA1, but found HASH_SHA256 (OID: 30:0d:06:09:60:86:48:01:65:03:04:02:01:05:00)*
Aug 22 12:03:34 uxcasxxx charon: 08[IKE] signature validation failed, looking for another key
Aug 22 12:03:34 uxcasxxx charon: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]

Please find my configurations below.

ca vpnca
    cacert=ikeca_email.crt
    auto=add

config setup
    plutostart=yes
    plutodebug=all
    charonstart=yes
    charondebug=all
    nat_traversal=yes
    crlcheckinterval=10m
    strictcrlpolicy=no

conn %default
    ikelifetime=8h
    lifetime = 8h
    rekeyfuzz = 100%
    keyingtries=1

conn site-site
    left=172.31.114.227
    leftcert=LeftGty_email.crt
    ike=aes128-sha256-modp1536!
    esp=aes128-sha256!
    [email protected]
    rightsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    [email protected]
    keyexchange=ikev2
    auto=add

ipsec.secrets

: RSA LeftGty_email.key

I am suspecting the problem is in the configuration. If so, please help me to correct the configuration, or else what could be the reason for the failure?

Regards,
Saravanan N
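The OID bytes in the [LIB] line of the log above are a DER-encoded AlgorithmIdentifier, and decoding them shows which hash the rejected signature actually carries. This is an added example, not part of the original post or of strongSwan; the function names are hypothetical and the OID table holds standard values.

```python
import re

# Standard hash OIDs (well-known values, not taken from the post).
HASH_OIDS = {
    "1.3.14.3.2.26": "SHA-1",
    "2.16.840.1.101.3.4.2.1": "SHA-256",
    "2.16.840.1.101.3.4.2.2": "SHA-384",
    "2.16.840.1.101.3.4.2.3": "SHA-512",
}

def read_tlv(buf, pos, tag):
    """Read one short-form DER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    end = pos + 2 + length
    if length & 0x80 or end > len(buf):
        raise ValueError("long-form or truncated length")
    return buf[pos + 2:end], end

def decode_oid(body):
    """Decode DER OID content bytes into dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if b & 0x80:          # continuation bit: more bytes in this arc
            continue
        if not arcs:          # first subidentifier packs two arcs: 40*X + Y
            first = min(value // 40, 2)
            arcs += [first, value - 40 * first]
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))

def hash_from_log(line):
    """Return (dotted OID, hash name) from a charon [LIB] line, or None."""
    m = re.search(r"\(OID: ((?:[0-9a-f]{2}:)*[0-9a-f]{2})\)", line, re.I)
    if not m:
        return None
    der = bytes.fromhex(m.group(1).replace(":", ""))
    seq, _ = read_tlv(der, 0, 0x30)        # AlgorithmIdentifier SEQUENCE
    oid = decode_oid(read_tlv(seq, 0, 0x06)[0])
    return oid, HASH_OIDS.get(oid, "unknown")

# The [LIB] line from the post above.
LOG_LINE = ("charon: 08[LIB] expected hash algorithm HASH_SHA1, but found "
            "HASH_SHA256 (OID: 30:0d:06:09:60:86:48:01:65:03:04:02:01:05:00)")
```

Calling `hash_from_log(LOG_LINE)` returns the dotted OID and the name SHA-256, matching the HASH_SHA256 that charon reports it found.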
