Hi, I have tried to form a site-site tunnel using RSA authentication with DN identification. But I am getting the below error messages. Please help me to solve this problem.
rom 'LeftGty-sha1-2048_fqdn.crt'
Oct 1 14:34:53 localhost charon: 11[CFG] added configuration 'site-site'
Oct 1 14:42:24 localhost charon: 12[NET] received packet: from 35.0.0.1[500] to 35.0.0.2[500]
Oct 1 14:42:24 localhost charon: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Oct 1 14:42:24 localhost charon: 12[IKE] 35.0.0.1 is initiating an IKE_SA
Oct 1 14:42:24 localhost charon: 12[IKE] sending cert request for "C=CA, ST=CA, L=CA, O=CA, OU=CA, CN=CA, [email protected]"
Oct 1 14:42:24 localhost charon: 12[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
Oct 1 14:42:24 localhost charon: 12[IKE] sending cert request for "C=IN, ST=TN, L=CH, O=CAS, [email protected]"
Oct 1 14:42:24 localhost charon: 12[IKE] sending cert request for "C=CH, ST=CH, L=CH, O=strongswan, OU=strongswan, CN=strongswan, [email protected] "
Oct 1 14:42:24 localhost charon: 12[IKE] sending cert request for "C=in, ST=ar, L=ar, O=ar, OU=ar, CN=ar, [email protected]"
Oct 1 14:42:24 localhost charon: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Oct 1 14:42:24 localhost charon: 12[NET] sending packet: from 35.0.0.2[500] to 35.0.0.1[500]
Oct 1 14:42:26 localhost charon: 13[NET] received packet: from 35.0.0.1[500] to 35.0.0.2[500]
Oct 1 14:42:26 localhost charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH SA TSi TSr ]
Oct 1 14:42:26 localhost charon: 13[IKE] received cert request for "C=CH, ST=CH, L=CH, O=strongswan, OU=strongswan, CN=strongswan, [email protected] "
Oct 1 14:42:26 localhost charon: 13[IKE] received end entity cert "C=CH, O=strongswan, OU=strongswan, CN=iss"
Oct 1 14:42:26 localhost charon: 13[CFG] looking for peer configs matching 35.0.0.2[%any]...35.0.0.1[]
Oct 1 14:42:26 localhost charon: 13[CFG] no matching peer config found
Oct 1 14:42:26 localhost charon: 13[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Oct 1 14:42:26 localhost charon: 13[NET] sending packet: from 35.0.0.2[500] to 35.0.0.1[500]

Please correct me if my configurations are not proper.

Configuration
_____________

ipsec.conf
___________

ca vpnca
    cacert=ikeca-sha1-2048-fqdn.crt
    auto=add

config setup
    plutostart=yes
    plutodebug=all
    charonstart=yes
    charondebug=all
    nat_traversal=yes
    crlcheckinterval=10m
    strictcrlpolicy=no

conn %default
    ikelifetime=8h
    lifetime=8h
    rekeyfuzz=100%
    keyingtries=1

conn site-site
    keyexchange=ikev2
    left=35.0.0.2
    leftcert=LeftGty-sha1-2048_fqdn.crt
    ike=aes256-sha1-sha256-modp1536!
    esp=aes256-sha1-sha256!
    leftid="C=CH, O=strongswan, CN=strongswan1"
    rightsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    rightid="C=CH, O=strongswan, CN=iss"
    auto=add

ipsec.secrets
++++++++++

: RSA LeftGty-sha1-2048_fqdn.key

I could not suspect the certificates, because the same certificates are working fine for fqdn identification. I just changed the identification from fqdn to dn, as I have configured dn parameters properly while generating certificates.

Regards,
Saravanan N
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
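The following is an added troubleshooting helper, not part of the post above and not strongSwan's own code. It parses the responder-side charon log lines quoted in the post (copied here as constructed sample input), pulls out the end-entity certificate subject, the identity the responder tried to match in "looking for peer configs matching ...", and the "no matching peer config found" result, and then compares the configured rightid DN with the certificate subject RDN by RDN. It assumes that a DN identity in strongSwan is matched against the certificate subject attribute by attribute (the order and the set of RDNs both matter), and the simple comma-split DN parser does not handle escaped commas inside attribute values.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: charon log lines taken from the post above.
SAMPLE_LOG = """\
Oct 1 14:42:26 localhost charon: 13[IKE] received end entity cert "C=CH, O=strongswan, OU=strongswan, CN=iss"
Oct 1 14:42:26 localhost charon: 13[CFG] looking for peer configs matching 35.0.0.2[%any]...35.0.0.1[]
Oct 1 14:42:26 localhost charon: 13[CFG] no matching peer config found
Oct 1 14:42:26 localhost charon: 13[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""

# The rightid value from the ipsec.conf quoted in the post.
CONFIGURED_RIGHTID = "C=CH, O=strongswan, CN=iss"

# charon log format: "<thread>[<subsystem>] <message>"
LINE_RE = re.compile(r'charon: (\d+)\[(\w+)\] (.*)$')
CERT_RE = re.compile(r'received end entity cert "([^"]*)"')
# "looking for peer configs matching <me>[<my_id>]...<other>[<other_id>]"
MATCH_RE = re.compile(
    r'looking for peer configs matching (\S+?)\[([^\]]*)\]\.\.\.(\S+?)\[([^\]]*)\]')


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'C=CH, O=x, CN=y' into an ordered list of (TYPE, value) RDNs.
    Attribute types are upper-cased; values are kept verbatim.
    Escaped commas inside values are not supported (assumption of this helper)."""
    rdns = []
    for part in dn.split(','):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition('=')
        rdns.append((key.strip().upper(), value.strip()))
    return rdns


def parse_log(text: str) -> Dict[str, object]:
    """Extract the fields relevant to an IKE_AUTH identity mismatch."""
    info = {"cert_subject": None, "peer_addr": None, "peer_id": None, "no_match": False}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        msg = m.group(3)
        c = CERT_RE.search(msg)
        if c:
            info["cert_subject"] = c.group(1)
        p = MATCH_RE.search(msg)
        if p:
            info["peer_addr"] = p.group(3)
            info["peer_id"] = p.group(4)      # "" means the bracket was empty
        if "no matching peer config found" in msg:
            info["no_match"] = True
    return info


def compare_dn(configured: str, subject: str) -> Dict[str, object]:
    """Compare a configured DN identity with a certificate subject RDN by RDN."""
    want = parse_dn(configured)
    have = parse_dn(subject)
    return {
        "exact": want == have,
        "in_cert_only": [r for r in have if r not in want],
        "in_config_only": [r for r in want if r not in have],
    }


def diagnose(log_text: str, configured_rightid: str) -> List[str]:
    """Return human-readable findings about why the responder rejected the peer."""
    info = parse_log(log_text)
    findings = []
    if info["no_match"]:
        findings.append("responder found no peer config for this IKE_AUTH")
    if info["peer_id"] == "":
        findings.append("responder logged an empty peer identity; rightid cannot match it")
    if info["cert_subject"]:
        cmp = compare_dn(configured_rightid, info["cert_subject"])
        if not cmp["exact"]:
            findings.append(
                "rightid differs from certificate subject: RDNs only in cert %r, only in config %r"
                % (cmp["in_cert_only"], cmp["in_config_only"]))
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG, CONFIGURED_RIGHTID):
        print("-", f)
```

On the sample above the helper reports all three findings: the responder found no peer config, the logged peer identity was empty, and the configured rightid lacks the OU=strongswan RDN that the received certificate subject carries. These are the things to check first before suspecting the certificates themselves.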
