Re: [strongSwan] Mac OS 10.10 Client to Linux Strongswan server HASH N(AUTH_FAILED) error

Mon, 25 Apr 2016 09:36:17 -0700 

Still not behaving, seeing this error:
Apr 25 11:20:44 RH7Standard charon: 09[IKE] received end entity cert
"C=US, O=BSI, [email protected]"
Apr 25 11:20:44 RH7Standard charon: 09[CFG] looking for XAuthInitRSA peer
configs matching 10.0.11.200...10.0.11.160[C=US, O=BSI,
[email protected]]
Apr 25 11:20:44 RH7Standard charon: 09[IKE] found 1 matching config, but
none allows XAuthInitRSA authentication using Main Mode
Apr 25 11:20:44 RH7Standard charon: 09[ENC] generating INFORMATIONAL_V1
request 3548306400 [ HASH N(AUTH_FAILED) ]



I have tried a few variations with out success, like
authby=xauthrsasig
        authby=xauthpsk


I presume this is the configuration example I should be looking at to get
this to behave:
https://www.strongswan.org/testing/testresults/ikev1/xauth-id-rsa-hybrid/




________________________________________


Jude Oliver
Support
1100 Poydras St. Suite 1230
New Orleans, LA 70163
Main Office: 504-529-8869
[email protected]
www.blanchardsystems.com <http://www.blanchardsystems.com/>

-----------------------------------------------------

Join Blanchard Systems

2016 Tips and Tricks Training Webinars

Check out the Blanchard Systems 2015 FREE monthly Tips & Tricks training
webinars. 
Click Here <http://www.blanchardsystems.com/events/> to view the schedule
and register for one of our upcoming events.









On 4/25/16, 10:52 AM, "Tobias Brunner" <[email protected]> wrote:

>Hi Jude,
>
>> I am using a simplified ipsec.conf file:
>> cat ipsec.conf
>> # /etc/ipsec.conf - strongSwan IPsec configuration file
>> 
>> 
>> config setup
>> 
>> 
>> conn %default
>>      ikelifetime=60m
>>      keylife=20m
>>      rekeymargin=3m
>>      keyingtries=1
>>      keyexchange=ikev1
>> leftauth=pubkey
>>      rightauth=pubkey
>>      rightid="C=US, O=BSI, [email protected]"
>
>You need at least one conn section other than %default that has
>`auto=add` configured, otherwise, there are no configs:
>
>> Apr 25 09:47:57 RH7Standard charon: 10[IKE] no IKE config found for
>> 10.0.11.200...10.0.11.160, sending NO_PROPOSAL_CHOSEN
>
>And you will probably still need rightauth2=xauth for this client.
>
>Regards,
>Tobias
>

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to