From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Wed Oct 30 2002 - 07:54:12 CET
What connection definition is shown if you type
ipsec auto --status
after you have started up pluto on both sides? Are there
any error messages in the log during startup?
Andreas
martin f krafft wrote:
>>>This applies only if you load the certificate locally by
>>>using
>>>
>>> [right|left]cert=
>>>
>>>In this case the distinguished subject name of the certificate is
>>>automatically assigned to [right|left]id. This can be overrun
>>>by a [right|left]id defining one of the subjectAltNames contained
>>>in the certificate as the ID.
>>
>
> Still no dice. Now my config is like this:
>
> conn %default
>     authby=rsasig
>     rightrsasigkey=%cert
>     right=217.162.173.237
>     rightsubnet=192.168.2.0/24
>     rightnexthop=217.162.172.1
>     leftrsasigkey=%cert
>     left=80.218.18.6
>     leftsubnet=192.168.1.0/24
>     leftnexthop=80.218.16.1
>     auto=start
>
> conn leftside # on the left side only
>     leftcert=private/fishbowl.dyn.madduck.net.pem
>     rightid="C=CH, O=madduck.net, CN=albatros.dyn.madduck.net"
>
> conn rightside # on the right side only
>     rightcert=private/albatros.dyn.madduck.net.pem
>     leftid="C=CH, O=madduck.net, CN=fishbowl.dyn.madduck.net"
>
> but I still get the error:
>
> left:
> pluto[30165]: "gate-albatros" #9: Peer ID is ID_IPV4_ADDR: '217.162.173.237'
> pluto[30165]: "gate-albatros" #9: Issuer CRL not found
> pluto[30165]: "gate-albatros" #9: Issuer CRL not found
> pluto[30165]: "gate-albatros" #9: no suitable connection for peer '217.162.173.237'
>
> right:
> pluto[22175]: "gate-albatros" #9: ignoring informational payload, type INVALID_ID_INFORMATION
> pluto[22175]: "gate-albatros" #9: discarding duplicate packet; already STATE_MAIN_I3
>
> What am I doing wrong?
>
--
======================================================================
Andreas Steffen                   e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                    phone:  +41 76 340 25 56
Alter Zürichweg 20                home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
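
Added example, not part of the original thread and not FreeS/WAN code: a small Python check that applies the ID rule quoted above (an explicit `[right|left]id` wins, otherwise a locally loaded `[right|left]cert` supplies its subject DN) and compares the result with the peer ID pluto logs. The function names are hypothetical, the config is an abridged, constructed copy of the one quoted in the thread, and the fallback to the gateway's IP address when neither `id` nor `cert` is set is assumed from the ipsec.conf documentation.

```python
import re

# Constructed input: the left gateway's view of the quoted config, abridged.
SAMPLE_CONF = """\
conn %default
    right=217.162.173.237
    left=80.218.18.6

conn leftside   # on the left side only
    leftcert=private/fishbowl.dyn.madduck.net.pem
    rightid="C=CH, O=madduck.net, CN=albatros.dyn.madduck.net"
"""
# Constructed input: the wrapped log line from the post, joined onto one line.
SAMPLE_LOG = "pluto[30165]: \"gate-albatros\" #9: Peer ID is ID_IPV4_ADDR: '217.162.173.237'"

def parse_conns(text):
    """Return {conn name: params} with conn %default merged into every conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments (no '#' in values here)
        if line and not line[0].isspace():     # an unindented line starts a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif line and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **params} for name, params in conns.items()}

def id_type(value):
    # Only the two ID kinds that occur in this thread: IPv4 address or DN.
    return "ID_IPV4_ADDR" if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", value) else "ID_DER_ASN1_DN"

def effective_id(params, side):
    """Explicit id wins; else the local cert's subject DN; else the IP address."""
    if side + "id" in params:
        return id_type(params[side + "id"]), params[side + "id"]
    if side + "cert" in params:
        return "ID_DER_ASN1_DN", "<subject DN of %s>" % params[side + "cert"]
    return "ID_IPV4_ADDR", params[side]

def peer_id(log_line):
    m = re.search(r"Peer ID is (ID_\w+): '([^']*)'", log_line)
    return (m.group(1), m.group(2)) if m else None

def conns_matching_peer(conf_text, log_line, peer_side):
    """Names of conns whose expected peer ID equals the ID the peer sent."""
    sent = peer_id(log_line)
    return [n for n, p in parse_conns(conf_text).items() if effective_id(p, peer_side) == sent]
```

With the constructed input, `conns_matching_peer(SAMPLE_CONF, SAMPLE_LOG, "right")` returns an empty list, because the one conn expects a distinguished name while the logged peer ID is an IPv4 address.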