From: Pavel Rastopshin (admin_at_pelikan.ru)
Date: Tue Sep 10 2002 - 14:25:49 CEST
On the other side of the connection I see problems with the RSA key.
In the logs there is: no RSA public key for 'IP'
Maybe I don't understand what I should do.
Now I did it like this: took pubkey=..... from ipsec.secrets of one
gateway and put it into leftrsasigkey=.... of ipsec.conf,
then took pubkey=..... from ipsec.secrets of the other
gateway and put it into rightrsasigkey=....,
and put the cloned ipsec.conf on the two gateways.
Am I right???
KB> On Tue, 10 Sep 2002, Pavel Rastopshin wrote:
>> [root_at_patrick /etc]# ipsec auto --up moscow-verbilki
>> 104 "moscow-verbilki" #200: STATE_MAIN_I1: initiate
>> 106 "moscow-verbilki" #200: STATE_MAIN_I2: from STATE_MAIN_I1; sent MI2, expecting MR2
>> 108 "moscow-verbilki" #200: STATE_MAIN_I3: from STATE_MAIN_I2; sent MI3, expecting MR3
>> 010 "moscow-verbilki" #200: STATE_MAIN_I3: retransmission; will wait 20s for response
>> 003 "moscow-verbilki" #200: discarding duplicate packet; already STATE_MAIN_I3
>> 003 "moscow-verbilki" #200: discarding duplicate packet; already STATE_MAIN_I3
>> 010 "moscow-verbilki" #200: STATE_MAIN_I3: retransmission; will wait 40s for response
>> 031 "moscow-verbilki" #200: max number of retransmissions (2) reached STATE_MAIN_I3. Possible
>> authentication failure: no acceptable response to our first encrypted message
>> 000 "moscow-verbilki" #200: starting keying attempt 2 of an unlimited number, but releasing
>> whack
>> [root_at_patrick /etc]#
>>
KB> That's not too helpful, since it's only one side of the connection.
KB> However, the key message is "Possible authentication failure: no
KB> acceptable response to our first encrypted message" which indicates a
KB> mismatch of a pre-shared key, or RSA Sig - however you don't indicate
KB> what you are using.
Best regards,
Pavel Rastopshin
System Administrator, Heliopark Hotel
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
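
A consistency check for the setup described in the message above, as an added example that is not part of the original thread and not FreeS/WAN's own code: it compares the pubkey= value in each gateway's ipsec.secrets with the leftrsasigkey=/rightrsasigkey= entries of the shared ipsec.conf. The file contents, key strings and addresses are constructed placeholders, and which gateway counts as "left" is an assumption made by the caller.

```python
import re

def pubkey_from_secrets(text):
    """Value of the pubkey= line (commented or not) in ipsec.secrets, or None."""
    m = re.search(r'^\s*#?\s*pubkey=(\S+)', text, re.MULTILINE)
    return m.group(1) if m else None

def sigkeys_from_conf(text, conn):
    """leftrsasigkey/rightrsasigkey values found in one 'conn' section."""
    keys, in_conn = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue                              # blank line or comment
        if not line[0].isspace():                 # unindented: new section header
            in_conn = line.split() == ['conn', conn]
            continue
        m = re.match(r'\s+(left|right)rsasigkey=(\S+)', line)
        if in_conn and m:
            keys[m.group(1)] = m.group(2)
    return keys

def check(conf, conn, left_secrets, right_secrets):
    """List of problems; an empty list means each key matches its gateway."""
    conf_keys = sigkeys_from_conf(conf, conn)
    own = {'left': pubkey_from_secrets(left_secrets),
           'right': pubkey_from_secrets(right_secrets)}
    problems = []
    for side, other in (('left', 'right'), ('right', 'left')):
        have = conf_keys.get(side)
        if have is None:
            problems.append(f'{side}rsasigkey missing from conn {conn}')
        elif have == own[other] and have != own[side]:
            problems.append(f'{side}rsasigkey holds the {other} gateway key')
        elif have != own[side]:
            problems.append(f'{side}rsasigkey differs from the {side} gateway pubkey')
    return problems

# Constructed sample data: key strings are placeholders, addresses are documentation ranges.
SECRETS_A = ": RSA {\n\t# pubkey=0sAQPLACEHOLDERAAAA\n\tModulus: 0x00\n\t}\n"
SECRETS_B = ": RSA {\n\t# pubkey=0sAQPLACEHOLDERBBBB\n\tModulus: 0x00\n\t}\n"
CONF = """conn moscow-verbilki
\tleft=192.0.2.1
\tleftrsasigkey=0sAQPLACEHOLDERAAAA
\tright=198.51.100.1
\trightrsasigkey=0sAQPLACEHOLDERBBBB
"""

if __name__ == '__main__':
    print(check(CONF, 'moscow-verbilki', SECRETS_A, SECRETS_B) or 'keys consistent')
```

Run against the real files from both gateways, this reports a swapped, truncated or missing key before a connection attempt is made.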