
Re: [Users] x509 certificate patch - error: no RSA public key found for <DN>

From: Chad Carr (ccarr_at_franzdoodle.com)
Date: Wed Mar 27 2002 - 06:31:14 CET


On Sat, 23 Mar 2002 01:04:00 +0100
"Andreas Steffen" <andreas.steffen_at_zhwin.ch> wrote:

> Chad Carr wrote:
>
> > Feb 3 09:15:58 wlanfw Pluto[1901]: "w2k-road-warriors" #1: responding to Main Mode from unknown peer 192.168.3.10
> > Feb 3 09:15:59 wlanfw Pluto[1901]: "w2k-road-warriors" #1: Peer ID is ID_DER_ASN1_DN: 'C=US, ST=California, L=Orange, O=Win2000 Client, CN=Chad Carr, E=ccarr_at_franzdoodle.com'
> > Feb 3 09:15:59 wlanfw Pluto[1901]: "w2k-road-warriors" #1: Certificate is invalid
>
> This error message says that the current date Feb 3 09:15:59 does not fall
> between the notBefore and notAfter dates coded in the certificate. This is
> why the cert is not valid.

Thanks so much for your reply. Seems simple enough that it should have
occurred to me without help, but thanks for it nonetheless. Setting my
ipsec gateway's date to something more current than 1980 did the trick.

Continuing, however, I am now at a point in my installation where I seem
to get very close to a connection, but pluto is reporting that it cannot
find some file called "IPSec", but I cannot find a reference to a file like
that anywhere. I have looked very thoroughly at the scripts (so much so
that I have modified _updown, _startklips and _realsetup to use iproute2
instead of ifconfig, netstat and route for my embedded application which
doesn't have those programs) and I cannot find anything in them. Is there
a shell call in the pluto binary somewhere? Or am I misinterpreting the
log file?

Thanks in advance for taking the time to help. auth.log attached.

Mar 25 09:56:51 wlanfw ipsec__plutorun: Starting Pluto subsystem...
Mar 25 09:56:52 wlanfw Pluto[835]: Starting Pluto (FreeS/WAN Version 1.96)
Mar 25 09:56:52 wlanfw Pluto[835]: including X.509 patch (Version 0.9.9)
Mar 25 09:56:52 wlanfw Pluto[835]: Changing to directory '/etc/ipsec.d/cacerts'
Mar 25 09:56:52 wlanfw Pluto[835]: loaded cacert file 'RootCA.der' (1146 bytes)
Mar 25 09:56:52 wlanfw Pluto[835]: Changing to directory '/etc/ipsec.d/crls'
Mar 25 09:56:52 wlanfw Pluto[835]: loaded crl file 'crl.pem' (682 bytes)
Mar 25 09:56:52 wlanfw Pluto[835]: loaded my X.509 cert file '/etc/x509cert.der' (1195 bytes)
Mar 25 09:56:54 wlanfw Pluto[835]: added connection description "w2k-road-warriors"
Mar 25 09:56:55 wlanfw Pluto[835]: listening for IKE messages
Mar 25 09:56:55 wlanfw Pluto[835]: adding interface ipsec0/eth0 192.168.3.1
Mar 25 09:56:55 wlanfw Pluto[835]: loading secrets from "/etc/ipsec.secrets"
Mar 25 09:59:34 wlanfw login[845]: root login on `ttyS0'
Mar 25 10:00:57 wlanfw Pluto[835]: packet from 192.168.3.10:500: Informational Exchange is for an unknown (expired?) SA
Mar 25 10:01:01 wlanfw Pluto[835]: packet from 192.168.3.10:500: ignoring Vendor ID payload
Mar 25 10:01:01 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #1: responding to Main Mode from unknown peer 192.168.3.10
Mar 25 10:01:02 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #1: Peer ID is ID_DER_ASN1_DN: 'C=US, ST=California, L=Orange, O=Chad's IPSec Client, CN=Chad Carr, E=ccarr_at_franzdoodle.com'
Mar 25 10:01:02 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #1: deleting connection "w2k-road-warriors" instance with peer 192.168.3.10
Mar 25 10:01:04 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #1: sent MR3, ISAKMP SA established
Mar 25 10:01:04 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 25 10:01:04 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: responding to Quick Mode
Mar 25 10:01:05 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: up-client output: sh: IPSec: command not found
Mar 25 10:01:05 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: up-client command exited with status 127
Mar 25 10:01:05 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #1: ignoring Delete SA payload
Mar 25 10:01:05 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #1: received and ignored informational message
Mar 25 10:01:15 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: up-client output: sh: IPSec: command not found
Mar 25 10:01:15 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: up-client command exited with status 127
Mar 25 10:01:15 wlanfw Pluto[835]: ERROR: "w2k-road-warriors" 192.168.3.10 #2: pfkey write() of SADB_DELETE message 21 for Delete SA esp.caeb80d2_at_192.168.3.1 failed. Errno 3: No such process
Mar 25 10:01:15 wlanfw Pluto[835]: | 02 04 00 03 0a 00 00 00 15 00 00 00 43 03 00 00
Mar 25 10:01:15 wlanfw Pluto[835]: | 02 00 01 00 ca eb 80 d2 00 01 00 00 00 00 00 00
Mar 25 10:01:15 wlanfw Pluto[835]: | 03 00 05 00 00 00 00 00 02 00 01 f4 c0 a8 03 0a
Mar 25 10:01:15 wlanfw Pluto[835]: | 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00
Mar 25 10:01:15 wlanfw Pluto[835]: | 02 00 00 00 c0 a8 03 01 00 00 00 00 00 00 00 00
Mar 25 10:01:35 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: up-client output: sh: IPSec: command not found
Mar 25 10:01:35 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: up-client command exited with status 127
Mar 25 10:01:35 wlanfw Pluto[835]: ERROR: "w2k-road-warriors" 192.168.3.10 #2: pfkey write() of SADB_DELETE message 28 for Delete SA esp.caeb80d2_at_192.168.3.1 failed. Errno 3: No such process
Mar 25 10:01:35 wlanfw Pluto[835]: | 02 04 00 03 0a 00 00 00 1c 00 00 00 43 03 00 00
Mar 25 10:01:35 wlanfw Pluto[835]: | 02 00 01 00 ca eb 80 d2 00 01 00 00 00 00 00 00
Mar 25 10:01:35 wlanfw Pluto[835]: | 03 00 05 00 00 00 00 00 02 00 01 f4 c0 a8 03 0a
Mar 25 10:01:35 wlanfw Pluto[835]: | 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00
Mar 25 10:01:35 wlanfw Pluto[835]: | 02 00 00 00 c0 a8 03 01 00 00 00 00 00 00 00 00
Mar 25 10:02:15 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: max number of retransmissions (2) reached STATE_QUICK_R1
Mar 25 10:02:15 wlanfw Pluto[835]: ERROR: "w2k-road-warriors" 192.168.3.10 #2: pfkey write() of SADB_DELETE message 29 for Delete SA esp.caeb80d2_at_192.168.3.1 failed. Errno 3: No such process
Mar 25 10:02:15 wlanfw Pluto[835]: | 02 04 00 03 0a 00 00 00 1d 00 00 00 43 03 00 00
Mar 25 10:02:15 wlanfw Pluto[835]: | 02 00 01 00 ca eb 80 d2 00 01 00 00 00 00 00 00
Mar 25 10:02:15 wlanfw Pluto[835]: | 03 00 05 00 00 00 00 00 02 00 01 f4 c0 a8 03 0a
Mar 25 10:02:15 wlanfw Pluto[835]: | 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00
Mar 25 10:02:15 wlanfw Pluto[835]: | 02 00 00 00 c0 a8 03 01 00 00 00 00 00 00 00 00
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
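
An added example, not part of the original post or of FreeS/WAN: it pairs each updown "command not found" error in the auth.log above with the peer ID logged for the same connection, and reports whether the word the shell tried to run occurs inside that ID and which shell metacharacters the ID contains. That the peer ID text reaches the shell command pluto runs for updown is an assumption the post does not state; the function and field names are hypothetical.

```python
import re

# Three entries copied from the auth.log in the post above.
SAMPLE_LOG = """\
Mar 25 10:01:02 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #1: Peer ID is ID_DER_ASN1_DN: 'C=US, ST=California, L=Orange, O=Chad's IPSec Client, CN=Chad Carr, E=ccarr_at_franzdoodle.com'
Mar 25 10:01:05 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: up-client output: sh: IPSec: command not found
Mar 25 10:01:05 wlanfw Pluto[835]: "w2k-road-warriors" 192.168.3.10 #2: up-client command exited with status 127
"""

PEER_ID = re.compile(
    r'"(?P<conn>[^"]+)" (?P<peer>\S+) #\d+: Peer ID is \w+: \'(?P<id>.*)\'$')
NOT_FOUND = re.compile(
    r'"(?P<conn>[^"]+)" (?P<peer>\S+) #\d+: \S+ output: sh: (?P<word>.+): command not found$')
# Characters a POSIX shell treats specially inside or around quoted words.
SHELL_META = set("'\"`$\\;&|<>(){}*?!")


def triage(log_text):
    """Link updown 'command not found' errors to the peer ID of the same connection."""
    peer_ids, findings, seen = {}, [], set()
    for line in log_text.splitlines():
        m = PEER_ID.search(line)
        if m:
            peer_ids[(m["conn"], m["peer"])] = m["id"]
            continue
        m = NOT_FOUND.search(line)
        if not m:
            continue
        key, word = (m["conn"], m["peer"]), m["word"]
        ident = peer_ids.get(key)
        if ident is None or (key, word) in seen:
            continue  # no peer ID logged yet, or this error was already reported
        seen.add((key, word))
        pos = ident.find(word)  # where the "command" sits inside the peer ID
        findings.append({
            "connection": key[0],
            "peer": key[1],
            "word": word,
            "word_in_peer_id": pos >= 0,
            "metachars_in_peer_id": sorted(c for c in SHELL_META if c in ident),
            "text_before_word": ident[:pos] if pos >= 0 else None,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the log above it reports that `IPSec` is a word from the peer ID, directly after the apostrophe in `O=Chad's`; the certificate in the earlier quoted log (`O=Win2000 Client`) had no such character.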



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:47 CEST