Hi Diego,

either the IKE identity "[email protected]" must be contained as a subjectAltName in the client certificate or the IKE identity must be "C=UK, ST=Beds, L=Luton, O=Beds, OU=IT, CN=client, N=IPSec, [email protected]".
Regards

Andreas

On 03/26/2013 06:39 PM, carachi diego wrote:
> Hello,
> I am trying to configure a roadwarrior system between Linux Debian and
> Windows XP.
>
> I configured the gateway like in the example but it gives me this error:
>
> Mar 26 14:06:51 debian charon: 12[IKE] no trusted RSA public key found
> for '[email protected] <mailto:[email protected]>'
> Mar 26 14:06:51 debian charon: 12[CFG] no alternative config found
> Mar 26 14:06:51 debian charon: 12[ENC] generating INFORMATIONAL_V1
> request 2480925513 [ HASH N(AUTH_FAILED) ]
>
> How can I solve it?
> Thank you very much.
>
> LOG FILE
>
> Mar 26 14:06:40 debian charon: 00[DMN] signal of type SIGINT received.
> Shutting down
> Mar 26 14:06:43 debian charon: 00[DMN] Starting IKE charon daemon
> (strongSwan 5.0.2, Linux 2.6.32-5-amd64, x86_64)
> Mar 26 14:06:43 debian charon: 00[CFG] loading ca certificates from
> '/etc/ipsec.d/cacerts'
> Mar 26 14:06:43 debian charon: 00[CFG] loaded ca certificate "C=UK,
> ST=Beds, L=Luton, O=Beds, OU=IT, CN=Beds CA, N=IPSec, [email protected]
> <mailto:[email protected]>" from '/etc/ipsec.d/cacerts/ca.crt'
> Mar 26 14:06:43 debian charon: 00[CFG] loading aa certificates from
> '/etc/ipsec.d/aacerts'
> Mar 26 14:06:43 debian charon: 00[CFG] loading ocsp signer certificates
> from '/etc/ipsec.d/ocspcerts'
> Mar 26 14:06:43 debian charon: 00[CFG] loading attribute certificates
> from '/etc/ipsec.d/acerts'
> Mar 26 14:06:43 debian charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
> Mar 26 14:06:43 debian charon: 00[CFG] loading secrets from
> '/etc/ipsec.secrets'
> Mar 26 14:06:43 debian charon: 00[CFG] loaded RSA private key from
> '/etc/ipsec.d/private/gateway.key'
> Mar 26 14:06:43 debian charon: 00[DMN] loaded plugins: charon curl
> test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509
> revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink
> socket-default updown
> Mar 26 14:06:43 debian charon: 00[JOB] spawning 16 worker threads
> Mar 26 14:06:43 debian charon: 08[CFG] received stroke: add connection 'rw'
> Mar 26 14:06:43 debian charon: 08[CFG] loaded certificate "C=UK,
> ST=Beds, L=Luton, O=Beds, OU=IT, CN=gateway, N=IPSec, [email protected]
> <mailto:[email protected]>" from 'gateway.crt'
> Mar 26 14:06:43 debian charon: 08[CFG] id 'gw.ipsec.com
> <http://gw.ipsec.com>' not confirmed by certificate, defaulting to
> 'C=UK, ST=Beds, L=Luton, O=Beds, OU=IT, CN=gateway, N=IPSec,
> [email protected] <mailto:[email protected]>'
> Mar 26 14:06:43 debian charon: 08[CFG] added configuration 'rw'
> Mar 26 14:06:51 debian charon: 10[NET] received packet: from
> 172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)
> Mar 26 14:06:51 debian charon: 10[ENC] parsed ID_PROT request 0 [ SA V V
> V V V V V V V V V ]
> Mar 26 14:06:51 debian charon: 10[IKE] received
> draft-ietf-ipsec-nat-t-ike-00 vendor ID
> Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
> 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
> Mar 26 14:06:51 debian charon: 10[IKE] received
> draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> Mar 26 14:06:51 debian charon: 10[IKE] received
> draft-ietf-ipsec-nat-t-ike-03 vendor ID
> Mar 26 14:06:51 debian charon: 10[IKE] received NAT-T (RFC 3947) vendor ID
> Mar 26 14:06:51 debian charon: 10[IKE] received FRAGMENTATION vendor ID
> Mar 26 14:06:51 debian charon: 10[IKE] received DPD vendor ID
> Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
> f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
> Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
> 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
> Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
> 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
> Mar 26 14:06:51 debian charon: 10[IKE] received Cisco Unity vendor ID
> Mar 26 14:06:51 debian charon: 10[IKE] 172.16.151.141 is initiating a
> Main Mode IKE_SA
> Mar 26 14:06:51 debian charon: 10[ENC] generating ID_PROT response 0 [
> SA V V V ]
> Mar 26 14:06:51 debian charon: 10[NET] sending packet: from
> 172.16.151.100[500] to 172.16.151.141[500] (140 bytes)
> Mar 26 14:06:51 debian charon: 11[NET] received packet: from
> 172.16.151.141[500] to 172.16.151.100[500] (365 bytes)
> Mar 26 14:06:51 debian charon: 11[ENC] parsed ID_PROT request 0 [ KE No
> CERTREQ NAT-D NAT-D ]
> Mar 26 14:06:51 debian charon: 11[IKE] ignoring certificate request
> without data
> Mar 26 14:06:51 debian charon: 11[IKE] sending cert request for "C=UK,
> ST=Beds, L=Luton, O=Beds, OU=IT, CN=Beds CA, N=IPSec, [email protected]
> <mailto:[email protected]>"
> Mar 26 14:06:51 debian charon: 11[ENC] generating ID_PROT response 0 [
> KE No CERTREQ NAT-D NAT-D ]
> Mar 26 14:06:51 debian charon: 11[NET] sending packet: from
> 172.16.151.100[500] to 172.16.151.141[500] (517 bytes)
> Mar 26 14:06:51 debian charon: 12[NET] received packet: from
> 172.16.151.141[500] to 172.16.151.100[500] (1564 bytes)
> Mar 26 14:06:51 debian charon: 12[ENC] parsed ID_PROT request 0 [ ID
> CERT SIG ]
> Mar 26 14:06:51 debian charon: 12[IKE] received end entity cert "C=UK,
> ST=Beds, L=Luton, O=Beds, OU=IT, CN=client, N=IPSec, [email protected]
> <mailto:[email protected]>"
> Mar 26 14:06:51 debian charon: 12[CFG] looking for RSA signature peer
> configs matching 172.16.151.100...172.16.151.141[[email protected]
> <mailto:[email protected]>]
> Mar 26 14:06:51 debian charon: 12[CFG] selected peer config "rw"
> Mar 26 14:06:51 debian charon: 12[IKE] no trusted RSA public key found
> for '[email protected] <mailto:[email protected]>'
> Mar 26 14:06:51 debian charon: 12[CFG] no alternative config found
> Mar 26 14:06:51 debian charon: 12[ENC] generating INFORMATIONAL_V1
> request 2480925513 [ HASH N(AUTH_FAILED) ]
> Mar 26 14:06:51 debian charon: 12[NET] sending packet: from
> 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)
> Mar 26 14:07:18 debian mpt-statusd: detected non-optimal RAID status
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
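Added example, not part of the original thread and not strongSwan code: a small triage script for the failure discussed above. It pairs each "no trusted RSA public key found" line with the end entity certificate received on the same charon worker thread and reports whether the IKE identity is the certificate's subject DN or would have to appear as a subjectAltName, and of which type. The log sample, addresses, DN and e-mail identity are constructed placeholders, and the function names are made up for this example.

```python
import ipaddress
import re

# Constructed sample modelled on the charon lines quoted in the thread.
# Addresses, DN and e-mail identity are placeholders, not values from the post.
SAMPLE_LOG = """\
Mar 26 14:06:51 gw charon: 12[IKE] received end entity cert "C=UK, O=Example, CN=client"
Mar 26 14:06:51 gw charon: 12[CFG] selected peer config "rw"
Mar 26 14:06:51 gw charon: 12[IKE] no trusted RSA public key found for 'client@example.org'
Mar 26 14:06:51 gw charon: 12[ENC] generating INFORMATIONAL_V1 request 1 [ HASH N(AUTH_FAILED) ]
"""

ENTRY = re.compile(r"charon: (\d+)\[[A-Z]+\] (.*)$")
CERT = re.compile(r'received end entity cert "([^"]+)"')
FAIL = re.compile(r"no trusted RSA public key found for '([^']+)'")

def san_type_for(ike_id):
    """Return the subjectAltName type that would have to carry this identity."""
    try:
        ipaddress.ip_address(ike_id)
        return "iPAddress"
    except ValueError:
        pass
    if "=" in ike_id:
        return None  # a DN identity is matched against the subject, not a SAN
    return "rfc822Name" if "@" in ike_id else "dNSName"

def same_dn(a, b):
    """Loose DN comparison (simplification): ignore case and spacing between RDNs."""
    parts = [[p.strip().casefold() for p in dn.split(",")] for dn in (a, b)]
    return parts[0] == parts[1]

def explain_auth_failures(log_text):
    """Pair each failure line with the certificate received on the same thread."""
    last_cert = {}  # worker thread number -> subject DN of the last received cert
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        thread, msg = entry.groups()
        if m := CERT.search(msg):
            last_cert[thread] = m.group(1)
        elif m := FAIL.search(msg):
            ike_id, subject = m.group(1), last_cert.get(thread)
            findings.append({"ike_id": ike_id, "cert_subject": subject,
                             "id_is_subject": bool(subject) and same_dn(ike_id, subject),
                             "needed_san": san_type_for(ike_id)})
    return findings
```

A finding with `id_is_subject` false and `needed_san` set to `rfc822Name` is the situation described in the reply; `openssl x509 -in client.crt -noout -text` (file name is a placeholder) shows whether the certificate actually carries that subjectAltName.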
