<div dir="ltr"><div><div><div><div>Hello Andreas,<br></div>Thank you very much! I solved the Certificates problem and now the end point is able to connect to the server but It can't ping the inside network of the server and it give this error:<br>
<br>Mar 28 10:17:20 debian charon: 13[ENC] generating INFORMATIONAL_V1 request 656008616 [ HASH N(DPD_ACK) ]<br>Mar 28 10:17:20 debian charon: 13[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
Mar 28 10:17:25 debian charon: 14[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>Mar 28 10:17:25 debian charon: 14[ENC] parsed QUICK_MODE request 2854336081 [ HASH SA No ID ID ]<br>Mar 28 10:17:25 debian charon: 14[ENC] received HASH payload does not match<br>
Mar 28 10:17:25 debian charon: 14[IKE] integrity check failed<br><br></div>I try to understand to possible cause of this error but I didn't understart why the integrity failed.<br></div>Thank you very much<br><br></div>
Diego<br><div><div><div><div><div><br><br><br>Mar 28 10:16:21 debian charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.2, Linux 2.6.32-5-amd64, x86_64)<br>Mar 28 10:16:21 debian charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'<br>
Mar 28 10:16:21 debian charon: 00[CFG] loaded ca certificate "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>" from '/etc/ipsec.d/cacerts/strongswanCert.pem'<br>
Mar 28 10:16:21 debian charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'<br>Mar 28 10:16:21 debian charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'<br>Mar 28 10:16:21 debian charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'<br>
Mar 28 10:16:21 debian charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'<br>Mar 28 10:16:21 debian charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'<br>Mar 28 10:16:21 debian charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/gatewayKey.pem'<br>
Mar 28 10:16:21 debian charon: 00[DMN] loaded plugins: charon curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown<br>
Mar 28 10:16:21 debian charon: 00[JOB] spawning 16 worker threads<br>Mar 28 10:16:21 debian charon: 08[CFG] received stroke: add connection 'rw'<br>Mar 28 10:16:21 debian charon: 08[CFG] loaded certificate "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>" from 'gatewayCert.pem'<br>
Mar 28 10:16:21 debian charon: 08[CFG] id '<a href="http://ipsec.org">ipsec.org</a>' not confirmed by certificate, defaulting to 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>'<br>
Mar 28 10:16:21 debian charon: 08[CFG] added configuration 'rw'<br>Mar 28 10:16:50 debian charon: 09[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)<br>Mar 28 10:16:50 debian charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V ]<br>
Mar 28 10:16:50 debian charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID<br>Mar 28 10:16:50 debian charon: 09[ENC] received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62<br>Mar 28 10:16:50 debian charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID<br>
Mar 28 10:16:50 debian charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID<br>Mar 28 10:16:50 debian charon: 09[IKE] received NAT-T (RFC 3947) vendor ID<br>Mar 28 10:16:50 debian charon: 09[IKE] received FRAGMENTATION vendor ID<br>
Mar 28 10:16:50 debian charon: 09[IKE] received DPD vendor ID<br>Mar 28 10:16:50 debian charon: 09[ENC] received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26<br>Mar 28 10:16:50 debian charon: 09[ENC] received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51<br>
Mar 28 10:16:50 debian charon: 09[ENC] received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b<br>Mar 28 10:16:50 debian charon: 09[IKE] received Cisco Unity vendor ID<br>Mar 28 10:16:50 debian charon: 09[IKE] 172.16.151.141 is initiating a Main Mode IKE_SA<br>
Mar 28 10:16:50 debian charon: 09[ENC] generating ID_PROT response 0 [ SA V V V ]<br>Mar 28 10:16:50 debian charon: 09[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (140 bytes)<br>Mar 28 10:16:50 debian charon: 10[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (365 bytes)<br>
Mar 28 10:16:50 debian charon: 10[ENC] parsed ID_PROT request 0 [ KE No CERTREQ NAT-D NAT-D ]<br>Mar 28 10:16:50 debian charon: 10[IKE] ignoring certificate request without data<br>Mar 28 10:16:50 debian charon: 10[IKE] sending cert request for "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>"<br>
Mar 28 10:16:50 debian charon: 10[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]<br>Mar 28 10:16:50 debian charon: 10[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (499 bytes)<br>Mar 28 10:16:50 debian charon: 11[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (1148 bytes)<br>
Mar 28 10:16:50 debian charon: 11[ENC] parsed ID_PROT request 0 [ ID CERT SIG ]<br>Mar 28 10:16:50 debian charon: 11[IKE] received end entity cert "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>"<br>
Mar 28 10:16:50 debian charon: 11[CFG] looking for RSA signature peer configs matching 172.16.151.100...172.16.151.141[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>]<br>Mar 28 10:16:50 debian charon: 11[CFG] selected peer config "rw"<br>
Mar 28 10:16:50 debian charon: 11[CFG] using certificate "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>"<br>Mar 28 10:16:50 debian charon: 11[CFG] using trusted ca certificate "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>"<br>
Mar 28 10:16:50 debian charon: 11[CFG] checking certificate status of "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>"<br>Mar 28 10:16:50 debian charon: 11[CFG] certificate status is not available<br>
Mar 28 10:16:50 debian charon: 11[CFG] reached self-signed root ca with a path length of 0<br>Mar 28 10:16:50 debian charon: 11[IKE] authentication of 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>' with RSA successful<br>
Mar 28 10:16:50 debian charon: 11[IKE] authentication of 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>' (myself) successful<br>Mar 28 10:16:50 debian charon: 11[IKE] IKE_SA rw[1] established between 172.16.151.100[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>]...172.16.151.141[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>]<br>
Mar 28 10:16:50 debian charon: 11[IKE] scheduling reauthentication in 3385s<br>Mar 28 10:16:50 debian charon: 11[IKE] maximum IKE_SA lifetime 3565s<br>Mar 28 10:16:50 debian charon: 11[IKE] sending end entity cert "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>"<br>
Mar 28 10:16:50 debian charon: 11[ENC] generating ID_PROT response 0 [ ID CERT SIG ]<br>Mar 28 10:16:50 debian charon: 11[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (1148 bytes)<br>Mar 28 10:16:50 debian charon: 13[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
Mar 28 10:16:50 debian charon: 13[ENC] parsed INFORMATIONAL_V1 request 3664072698 [ HASH N(INITIAL_CONTACT) ]<br>Mar 28 10:16:50 debian charon: 14[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (76 bytes)<br>
Mar 28 10:16:50 debian charon: 14[ENC] parsed TRANSACTION request 2518917709 [ HASH CP ]<br>Mar 28 10:16:50 debian charon: 14[ENC] generating TRANSACTION response 2518917709 [ HASH CP ]<br>Mar 28 10:16:50 debian charon: 14[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)<br>
Mar 28 10:16:56 debian charon: 15[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>Mar 28 10:16:56 debian charon: 15[ENC] parsed QUICK_MODE request 2858606142 [ HASH SA No ID ID ]<br>Mar 28 10:16:56 debian charon: 15[IKE] no matching CHILD_SA config found<br>
Mar 28 10:16:56 debian charon: 15[ENC] generating INFORMATIONAL_V1 request 2459621628 [ HASH N(INVAL_ID) ]<br>Mar 28 10:16:56 debian charon: 15[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)<br>
Mar 28 10:17:01 debian charon: 07[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>Mar 28 10:17:01 debian charon: 07[IKE] received retransmit of request with ID 2858606142, but no response to retransmit<br>
Mar 28 10:17:01 debian /USR/SBIN/CRON[3245]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)<br>Mar 28 10:17:05 debian charon: 08[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
Mar 28 10:17:05 debian charon: 08[ENC] parsed INFORMATIONAL_V1 request 4147076213 [ HASH N(DPD) ]<br>Mar 28 10:17:05 debian charon: 08[ENC] generating INFORMATIONAL_V1 request 2369021677 [ HASH N(DPD_ACK) ]<br>Mar 28 10:17:05 debian charon: 08[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
Mar 28 10:17:06 debian charon: 09[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>Mar 28 10:17:06 debian charon: 09[ENC] parsed QUICK_MODE request 2858606142 [ HASH SA No ID ID ]<br>Mar 28 10:17:06 debian charon: 09[ENC] received HASH payload does not match<br>
Mar 28 10:17:06 debian charon: 09[IKE] integrity check failed<br>Mar 28 10:17:06 debian charon: 09[ENC] generating INFORMATIONAL_V1 request 1652775182 [ HASH N(INVAL_HASH) ]<br>Mar 28 10:17:06 debian charon: 09[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)<br>
Mar 28 10:17:06 debian charon: 09[IKE] QUICK_MODE request with message ID 2858606142 processing failed<br>Mar 28 10:17:11 debian charon: 10[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>
Mar 28 10:17:11 debian charon: 10[ENC] parsed QUICK_MODE request 2858606142 [ HASH SA No ID ID ]<br>Mar 28 10:17:11 debian charon: 10[ENC] received HASH payload does not match<br>Mar 28 10:17:11 debian charon: 10[IKE] integrity check failed<br>
Mar 28 10:17:11 debian charon: 10[ENC] generating INFORMATIONAL_V1 request 1887643626 [ HASH N(INVAL_HASH) ]<br>Mar 28 10:17:11 debian charon: 10[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)<br>
Mar 28 10:17:11 debian charon: 10[IKE] QUICK_MODE request with message ID 2858606142 processing failed<br>Mar 28 10:17:20 debian charon: 11[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>
Mar 28 10:17:20 debian charon: 11[ENC] parsed QUICK_MODE request 2854336081 [ HASH SA No ID ID ]<br>Mar 28 10:17:20 debian charon: 11[IKE] no matching CHILD_SA config found<br>Mar 28 10:17:20 debian charon: 11[ENC] generating INFORMATIONAL_V1 request 1010882080 [ HASH N(INVAL_ID) ]<br>
Mar 28 10:17:20 debian charon: 11[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)<br>Mar 28 10:17:20 debian charon: 13[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
Mar 28 10:17:20 debian charon: 13[ENC] parsed INFORMATIONAL_V1 request 1184807654 [ HASH N(DPD) ]<br>Mar 28 10:17:20 debian charon: 13[ENC] generating INFORMATIONAL_V1 request 656008616 [ HASH N(DPD_ACK) ]<br>Mar 28 10:17:20 debian charon: 13[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
Mar 28 10:17:25 debian charon: 14[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>Mar 28 10:17:25 debian charon: 14[ENC] parsed QUICK_MODE request 2854336081 [ HASH SA No ID ID ]<br>Mar 28 10:17:25 debian charon: 14[ENC] received HASH payload does not match<br>
Mar 28 10:17:25 debian charon: 14[IKE] integrity check failed<br>Mar 28 10:17:25 debian charon: 14[ENC] generating INFORMATIONAL_V1 request 1598670743 [ HASH N(INVAL_HASH) ]<br>Mar 28 10:17:25 debian charon: 14[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)<br>
Mar 28 10:17:25 debian charon: 14[IKE] QUICK_MODE request with message ID 2854336081 processing failed<br>Mar 28 10:17:30 debian charon: 15[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>
Mar 28 10:17:30 debian charon: 15[ENC] parsed QUICK_MODE request 2854336081 [ HASH SA No ID ID ]<br>Mar 28 10:17:30 debian charon: 15[ENC] received HASH payload does not match<br>Mar 28 10:17:30 debian charon: 15[IKE] integrity check failed<br>
Mar 28 10:17:30 debian charon: 15[ENC] generating INFORMATIONAL_V1 request 270764453 [ HASH N(INVAL_HASH) ]<br>Mar 28 10:17:30 debian charon: 15[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)<br>
Mar 28 10:17:30 debian charon: 15[IKE] QUICK_MODE request with message ID 2854336081 processing failed<br>Mar 28 10:17:35 debian charon: 07[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>
Mar 28 10:17:35 debian charon: 07[ENC] parsed QUICK_MODE request 2854336081 [ HASH SA No ID ID ]<br>Mar 28 10:17:35 debian charon: 07[IKE] no matching CHILD_SA config found<br>Mar 28 10:17:35 debian charon: 07[ENC] generating INFORMATIONAL_V1 request 208760445 [ HASH N(INVAL_ID) ]<br>
Mar 28 10:17:35 debian charon: 07[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)<br>Mar 28 10:17:35 debian charon: 08[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
Mar 28 10:17:35 debian charon: 08[ENC] parsed INFORMATIONAL_V1 request 744212579 [ HASH N(DPD) ]<br>Mar 28 10:17:35 debian charon: 08[ENC] generating INFORMATIONAL_V1 request 3492499132 [ HASH N(DPD_ACK) ]<br>Mar 28 10:17:35 debian charon: 08[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
Mar 28 10:17:50 debian charon: 09[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>Mar 28 10:17:50 debian charon: 09[ENC] parsed INFORMATIONAL_V1 request 898383404 [ HASH N(DPD) ]<br>Mar 28 10:17:50 debian charon: 09[ENC] generating INFORMATIONAL_V1 request 664623676 [ HASH N(DPD_ACK) ]<br>
Mar 28 10:17:50 debian charon: 09[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>Mar 28 10:18:05 debian charon: 10[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
Mar 28 10:18:05 debian charon: 10[ENC] parsed INFORMATIONAL_V1 request 3987655548 [ HASH N(DPD) ]<br>Mar 28 10:18:05 debian charon: 10[ENC] generating INFORMATIONAL_V1 request 896853964 [ HASH N(DPD_ACK) ]<br>Mar 28 10:18:05 debian charon: 10[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
<br><br></div></div></div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/3/26 Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Diego,<br>
<br>
either the IKE identity "<a href="mailto:diego@ipsec.org">diego@ipsec.org</a>" must be contained as a<br>
subjectAltName in the client certificate or the IKE identity must be<br>
<div class="im">""C=UK, ST=Beds, L=Luton, O=Beds, OU=IT, CN=client, N=IPSec,<br>
</div>E=<a href="mailto:root@ipsec.com">root@ipsec.com</a>".<br>
<br>
Regards<br>
<br>
Andreas<br>
<div class="im"><br>
On 03/26/2013 06:39 PM, carachi diego wrote:<br>
> Hello,<br>
> I am trying to configure a roadwarrior system between Linux Debian and<br>
> Windows XP.<br>
><br>
> I configure the gateway like in the example but it give me this error:<br>
><br>
> Mar 26 14:06:51 debian charon: 12[IKE] no trusted RSA public key found<br>
</div>> for '<a href="mailto:diego@ipsec.org">diego@ipsec.org</a> <mailto:<a href="mailto:diego@ipsec.org">diego@ipsec.org</a>>'<br>
<div class="im">> Mar 26 14:06:51 debian charon: 12[CFG] no alternative config found<br>
> Mar 26 14:06:51 debian charon: 12[ENC] generating INFORMATIONAL_V1<br>
> request 2480925513 [ HASH N(AUTH_FAILED) ]<br>
><br>
> How can I solve it?<br>
> Thank you very much.<br>
><br>
><br>
><br>
> LOG FILE<br>
><br>
> Mar 26 14:06:40 debian charon: 00[DMN] signal of type SIGINT received.<br>
> Shutting down<br>
> Mar 26 14:06:43 debian charon: 00[DMN] Starting IKE charon daemon<br>
> (strongSwan 5.0.2, Linux 2.6.32-5-amd64, x86_64)<br>
> Mar 26 14:06:43 debian charon: 00[CFG] loading ca certificates from<br>
> '/etc/ipsec.d/cacerts'<br>
> Mar 26 14:06:43 debian charon: 00[CFG] loaded ca certificate "C=UK,<br>
> ST=Beds, L=Luton, O=Beds, OU=IT, CN=Beds CA, N=IPSec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a><br>
</div>> <mailto:<a href="mailto:root@ipsec.com">root@ipsec.com</a>>" from '/etc/ipsec.d/cacerts/ca.crt'<br>
<div class="im">> Mar 26 14:06:43 debian charon: 00[CFG] loading aa certificates from<br>
> '/etc/ipsec.d/aacerts'<br>
> Mar 26 14:06:43 debian charon: 00[CFG] loading ocsp signer certificates<br>
> from '/etc/ipsec.d/ocspcerts'<br>
> Mar 26 14:06:43 debian charon: 00[CFG] loading attribute certificates<br>
> from '/etc/ipsec.d/acerts'<br>
> Mar 26 14:06:43 debian charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'<br>
> Mar 26 14:06:43 debian charon: 00[CFG] loading secrets from<br>
> '/etc/ipsec.secrets'<br>
> Mar 26 14:06:43 debian charon: 00[CFG] loaded RSA private key from<br>
> '/etc/ipsec.d/private/gateway.key'<br>
> Mar 26 14:06:43 debian charon: 00[DMN] loaded plugins: charon curl<br>
> test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509<br>
> revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink<br>
> socket-default updown<br>
> Mar 26 14:06:43 debian charon: 00[JOB] spawning 16 worker threads<br>
> Mar 26 14:06:43 debian charon: 08[CFG] received stroke: add connection 'rw'<br>
> Mar 26 14:06:43 debian charon: 08[CFG] loaded certificate "C=UK,<br>
> ST=Beds, L=Luton, O=Beds, OU=IT, CN=gateway, N=IPSec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a><br>
</div>> <mailto:<a href="mailto:root@ipsec.com">root@ipsec.com</a>>" from 'gateway.crt'<br>
<div class="im">> Mar 26 14:06:43 debian charon: 08[CFG] id '<a href="http://gw.ipsec.com" target="_blank">gw.ipsec.com</a><br>
</div>> <<a href="http://gw.ipsec.com" target="_blank">http://gw.ipsec.com</a>>' not confirmed by certificate, defaulting to<br>
<div class="im">> 'C=UK, ST=Beds, L=Luton, O=Beds, OU=IT, CN=gateway, N=IPSec,<br>
</div>> E=<a href="mailto:root@ipsec.com">root@ipsec.com</a> <mailto:<a href="mailto:root@ipsec.com">root@ipsec.com</a>>'<br>
<div><div class="h5">> Mar 26 14:06:43 debian charon: 08[CFG] added configuration 'rw'<br>
> Mar 26 14:06:51 debian charon: 10[NET] received packet: from<br>
> 172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)<br>
> Mar 26 14:06:51 debian charon: 10[ENC] parsed ID_PROT request 0 [ SA V V<br>
> V V V V V V V V V ]<br>
> Mar 26 14:06:51 debian charon: 10[IKE] received<br>
> draft-ietf-ipsec-nat-t-ike-00 vendor ID<br>
> Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:<br>
> 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62<br>
> Mar 26 14:06:51 debian charon: 10[IKE] received<br>
> draft-ietf-ipsec-nat-t-ike-02\n vendor ID<br>
> Mar 26 14:06:51 debian charon: 10[IKE] received<br>
> draft-ietf-ipsec-nat-t-ike-03 vendor ID<br>
> Mar 26 14:06:51 debian charon: 10[IKE] received NAT-T (RFC 3947) vendor ID<br>
> Mar 26 14:06:51 debian charon: 10[IKE] received FRAGMENTATION vendor ID<br>
> Mar 26 14:06:51 debian charon: 10[IKE] received DPD vendor ID<br>
> Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:<br>
> f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26<br>
> Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:<br>
> 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51<br>
> Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:<br>
> 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b<br>
> Mar 26 14:06:51 debian charon: 10[IKE] received Cisco Unity vendor ID<br>
> Mar 26 14:06:51 debian charon: 10[IKE] 172.16.151.141 is initiating a<br>
> Main Mode IKE_SA<br>
> Mar 26 14:06:51 debian charon: 10[ENC] generating ID_PROT response 0 [<br>
> SA V V V ]<br>
> Mar 26 14:06:51 debian charon: 10[NET] sending packet: from<br>
> 172.16.151.100[500] to 172.16.151.141[500] (140 bytes)<br>
> Mar 26 14:06:51 debian charon: 11[NET] received packet: from<br>
> 172.16.151.141[500] to 172.16.151.100[500] (365 bytes)<br>
> Mar 26 14:06:51 debian charon: 11[ENC] parsed ID_PROT request 0 [ KE No<br>
> CERTREQ NAT-D NAT-D ]<br>
> Mar 26 14:06:51 debian charon: 11[IKE] ignoring certificate request<br>
> without data<br>
> Mar 26 14:06:51 debian charon: 11[IKE] sending cert request for "C=UK,<br>
> ST=Beds, L=Luton, O=Beds, OU=IT, CN=Beds CA, N=IPSec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a><br>
</div></div>> <mailto:<a href="mailto:root@ipsec.com">root@ipsec.com</a>>"<br>
<div class="im">> Mar 26 14:06:51 debian charon: 11[ENC] generating ID_PROT response 0 [<br>
> KE No CERTREQ NAT-D NAT-D ]<br>
> Mar 26 14:06:51 debian charon: 11[NET] sending packet: from<br>
> 172.16.151.100[500] to 172.16.151.141[500] (517 bytes)<br>
> Mar 26 14:06:51 debian charon: 12[NET] received packet: from<br>
> 172.16.151.141[500] to 172.16.151.100[500] (1564 bytes)<br>
> Mar 26 14:06:51 debian charon: 12[ENC] parsed ID_PROT request 0 [ ID<br>
> CERT SIG ]<br>
> Mar 26 14:06:51 debian charon: 12[IKE] received end entity cert "C=UK,<br>
> ST=Beds, L=Luton, O=Beds, OU=IT, CN=client, N=IPSec, E=<a href="mailto:root@ipsec.com">root@ipsec.com</a><br>
</div>> <mailto:<a href="mailto:root@ipsec.com">root@ipsec.com</a>>"<br>
<div class="im">> Mar 26 14:06:51 debian charon: 12[CFG] looking for RSA signature peer<br>
> configs matching 172.16.151.100...172.16.151.141[<a href="mailto:diego@ipsec.org">diego@ipsec.org</a><br>
</div>> <mailto:<a href="mailto:diego@ipsec.org">diego@ipsec.org</a>>]<br>
<div class="im">> Mar 26 14:06:51 debian charon: 12[CFG] selected peer config "rw"<br>
> Mar 26 14:06:51 debian charon: 12[IKE] no trusted RSA public key found<br>
</div>> for '<a href="mailto:diego@ipsec.org">diego@ipsec.org</a> <mailto:<a href="mailto:diego@ipsec.org">diego@ipsec.org</a>>'<br>
<div class="im">> Mar 26 14:06:51 debian charon: 12[CFG] no alternative config found<br>
> Mar 26 14:06:51 debian charon: 12[ENC] generating INFORMATIONAL_V1<br>
> request 2480925513 [ HASH N(AUTH_FAILED) ]<br>
> Mar 26 14:06:51 debian charon: 12[NET] sending packet: from<br>
> 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
> Mar 26 14:07:18 debian mpt-statusd: detected non-optimal RAID status<br>
</div>======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.2dd.it" target="_blank">http://www.2dd.it</a>
</div>