Hi,
Kernel 2.4.18, ipsec 1.97 with the x509 patch applied.
Config:

# basic configuration
config setup
    #interfaces="ipsec0=eth0"
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn bh-vo
    authby=rsasig
    right=%defaultroute
    rightsubnet=192.168.1.0/14
    rightcert=igmar.cer
    left=62.58.152.114
    leftsubnet=10.1.0.0/16
    leftcert=pix.cer
    pfs=yes
    auto=add

Starting the connection gives me :
[root_at_wrkst /root]# ipsec auto --up bh-vo
104 "bh-vo" #1: STATE_MAIN_I1: initiate
106 "bh-vo" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "bh-vo" #1: ignoring Vendor ID payload
003 "bh-vo" #1: ignoring Vendor ID payload
003 "bh-vo" #1: ignoring Vendor ID payload
108 "bh-vo" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "bh-vo" #1: encrypted Informational Exchange message is invalid
because it is for incomplete ISAKMP SA
003 "bh-vo" #1: we require peer to have ID
'0x2A864886F70D010902=JOF01001.jagergroep.local,
CN=JOF01001.jagergroep.local', but peer declares '62.58.152.114'
218 "bh-vo" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
010 "bh-vo" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
The other site is a PIX 515 which is supposed to get its certs from a MS
CA server.
The Linux site debug logs show me that it loads the CA cert, the client and
the remote cert.
Anyone that can translate that error for me ???
Regards,
Igmar
--
Igmar Palsenberg
JDI Media Solutions

Boulevard Heuvelink 102
6828 KT Arnhem
The Netherlands

mailto: i.palsenberg_at_jdimedia.nl
PGP/GPG key : http://www.jdimedia.nl/formulier/pgp/igmar
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST
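
An added example, not part of the original post: a small Python helper that rejoins the mail-wrapped pluto status lines quoted in the message and extracts the ID the local side required versus the ID the peer declared, labelling each with its IKE identification type (RFC 2407 names). The function names and the type guess from the printed form are assumptions of this example; the sample lines are copied from the post.

```python
import ipaddress
import re

# Initiator output as quoted in the post, including the mail client's wrapping.
SAMPLE = """\
108 "bh-vo" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "bh-vo" #1: encrypted Informational Exchange message is invalid
because it is for incomplete ISAKMP SA
003 "bh-vo" #1: we require peer to have ID
'0x2A864886F70D010902=JOF01001.jagergroep.local,
CN=JOF01001.jagergroep.local', but peer declares '62.58.152.114'
218 "bh-vo" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
"""

# Status line layout: 3-digit code, quoted connection name, state number, text.
PREFIX = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
MISMATCH = re.compile(r"we require peer to have ID '(.*)', but peer declares '(.*)'")

def unwrap(text):
    """Rejoin wrapped continuation lines onto the status line they belong to."""
    records = []
    for line in text.splitlines():
        if PREFIX.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def id_kind(value):
    """Guess the IKE ID type from its printed form (heuristic, an assumption)."""
    try:
        ipaddress.IPv4Address(value)
        return "ID_IPV4_ADDR"
    except ValueError:
        pass
    if "=" in value:  # RDN pairs such as CN=... indicate a distinguished name
        return "ID_DER_ASN1_DN"
    return "ID_USER_FQDN" if "@" in value else "ID_FQDN"

def find_id_mismatches(text):
    """Return one dict per 'we require peer to have ID' complaint in the log."""
    found = []
    for record in unwrap(text):
        head, msg = PREFIX.match(record), MISMATCH.search(record)
        if head and msg:
            expected, declared = msg.groups()
            found.append({"conn": head.group(2), "expected": expected,
                          "expected_kind": id_kind(expected), "declared": declared,
                          "declared_kind": id_kind(declared)})
    return found
```

Run over the quoted output, `find_id_mismatches(SAMPLE)` reports one mismatch on `bh-vo`: a certificate distinguished name was required, while the peer declared an IPv4 address as its ID.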