Re: [Users] Help FreeSWAN, x509, and SSH Sentinel 1.4

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Wed Dec 11 2002 - 14:26:19 CET

• Next message: Ken Bantoft: "Re: [Users] How to measure the performance of freeswan?"
• Previous message: Andreas Steffen: "Re: [Users] ipsec 1.95 and Suse 8.0"
• In reply to: Bruce A. Black: "[Users] Help FreeSWAN, x509, and SSH Sentinel 1.4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 10 Dec 2002, Bruce A. Black wrote:

> Dear List,
>
> I have been searching through all of the posts to this list and have read a
> number of documents on getting FreeSWAN to work with SSH Sentinel. I have
> both set up and when I click the "Diagnostic" button in SSH Sentinel all is
> well. However when I try to actually connect I get the following:
>
> /var/log/secure
>
> Dec 10 18:44:04 warrior pluto[14997]: "rw-bblack"[2] 206.206.30.31 #5:
> Issuer CA certificate not found
> Dec 10 18:44:04 warrior pluto[14997]: "rw-bblack"[2] 206.206.30.31 #5: X.509
> certificate rejected
> Dec 10 18:44:04 warrior pluto[14997]: "rw-bblack"[2] 206.206.30.31 #5: sent
> MR3, ISAKMP SA established
> Dec 10 18:44:05 warrior pluto[14997]: "rw-bblack"[2] 206.206.30.31 #5:
> retransmitting in response to duplicate packet; already STATE_MAIN_R3
> Dec 10 18:44:05 warrior pluto[14997]: "rw-bblack"[2] 206.206.30.31 #5:
> Informational Exchange message for an established ISAKMP SA must be
> encrypted

That pretty much says it all. FreeS/WAN doesn't have the CACert
for whoever issued the cert SSH Sent. is providing. Check
spelling/filenames/etc... of files in /etc/ipsec.d

- --
Ken Bantoft The Unoffical FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"Anyone who considers arithmetical methods of producing
random digits is, of course, in a state of sin."
                    -- John Von Neumann, 1951

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPfc8/ViWUusaxGxpAQEoEwP+Lqns+xeME5gnHPm9oV7HPaWqy7PJ2Cqs
mmW6jdd2AP+9hqVfqC6HKmRrV5+rVp+FNxfXX6+WL16W06S7Gipu7oF95dsrcIIG
VUPuB5jVmLhLkzLhbvTzdcRGgFjwpXlkkDMBTPWlPFo/uLLizWMxGE407shrffJY
K+0vQPPrsMg=
=atoO
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Ken Bantoft: "Re: [Users] How to measure the performance of freeswan?"
• Previous message: Andreas Steffen: "Re: [Users] ipsec 1.95 and Suse 8.0"
• In reply to: Bruce A. Black: "[Users] Help FreeSWAN, x509, and SSH Sentinel 1.4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Thu Dec 12 2002 - 05:21:05 CET