I am using Freeswan 1.92 and SSH 1.3.2 on XP along with X509 certificates to
create an IPSEC tunnel. The SSH diagnostics test passes but the actual
connection fails with the following in the IKE audit log.

SPD: Can not determine per-rule trusted CA root set for remote identity fqdn(any:0,[0..10]=genosserver). Using only globally trusted roots.
0.0.0.0:500 (Initiator) <-> 10.0.105.1:500 { b57c3bc8 5e000007 - 46029738 a9bc1249 [-1] / 0x00000000 } IP; No public key found
Phase-1 [initiator] between der_asn1_dn(udp:500,[0..59]=C=uk, ST=wg, O=swdev, CN=user1) and ipv4(udp:500,[0..3]=10.0.105.1) failed; Authentication failed.
0.0.0.0:500 (Initiator) <-> 10.0.105.1:500 { b57c3bc8 5e000007 - 46029738 a9bc1249 [-1] / 0x00000000 } IP; Error = Authentication failed (24)

On the surface it looks like I have not created or imported my certificate
correctly into SSH. But the very same certificates work if I disable the
SSH client and use the native XP IPSEC client.

The certificate has been imported into SSH and appears in the Trusted CA
list and when I run diagnostics the first time it asks me if I want to trust
the server certificate.

If I use SSH with PSK then that works fine.

Is anyone able to give me any guidance on what I might be doing wrong?

Thanks
Jeremy

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST