[strongSwan] Authentication Problem using certificates

Groebl, Laurence (Laurence) laurence.groebl at alcatel-lucent.com
Wed Nov 17 13:55:54 CET 2010


Hello,
we have some problems with IKEv2 authentication with certificates.
We put our client certificate (MyBTS1.pem) into /etc/ipsec.d/cacerts and the root certificate of the peer into /etc/ipsec.d/certs,
and got the following error: reading file '/etc/ipsec.d/certs/MyBTS1.pem' failed

However, it seems that strongSwan finds the certificate, since we get the following information from its certificate "MyBTS1.pem":
sending cert request for "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"

What is wrong in our configuration?

You can find the details below,
best regards,
Laurence



Nov 17 13:28:39 destgd0h003661 ipsec_starter[22089]: Starting strongSwan 4.3.4 IPsec [starter]...
Nov 17 13:28:39 destgd0h003661 charon: 01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.4)
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL] listening on interfaces:
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL]   eth1
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL]     192.168.20.51
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL]     fe80::217:3fff:fed0:772c
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL]   eth0
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL]     149.204.17.51
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL]     fe80::224:81ff:fe1d:d4fa
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 17 13:28:39 destgd0h003661 charon: 01[LIB]   loaded certificate file '/etc/ipsec.d/cacerts/MyBTS1.pem'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 17 13:28:39 destgd0h003661 charon: 01[LIB]   loaded crl file '/etc/ipsec.d/crls/crl_Myroot1.pem'
Nov 17 13:28:39 destgd0h003661 charon: 01[LIB]   loaded crl file '/etc/ipsec.d/crls/crl_Myroot2.pem'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG]   loaded private key file '/etc/ipsec.d/private/MyBTS1_key.pem'
Nov 17 13:28:39 destgd0h003661 charon: 01[DMN] loaded plugins: curl ldap aes des sha1 sha2 md5 fips-prf random x509 pubkey openssl gcrypt xcbc hmac gmp kernel-netlink stroke updown attr resolv-conf
Nov 17 13:28:39 destgd0h003661 charon: 01[JOB] spawning 16 worker threads
Nov 17 13:28:39 destgd0h003661 ipsec_starter[22110]: charon (22111) started after 20 ms
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] stroke message => 272 bytes @ 0xb596f160
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] crl caching to /etc/ipsec.d/crls enabled
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] stroke message => 390 bytes @ 0xb416c0e0
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] received stroke: add connection 'net-net'
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] conn net-net
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   left=192.168.20.51
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftsubnet=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftsourceip=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftauth=rsasig
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftauth2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftid=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftid2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftcert=MyBTS1.pem
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftcert2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftca=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftca2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftgroups=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   leftupdown=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   right=192.168.20.254
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightsubnet=192.168.30.0/24
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightsourceip=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightauth=rsasig
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightauth2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightid=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightid2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightcert=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightcert2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightca=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightca2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightgroups=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   rightupdown=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   eap_identity=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   ike=3des-sha1-modp1024!
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   esp=3des-sha1-modp1024!
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   mediation=no
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   mediated_by=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG]   me_peerid=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[KNL] getting interface name for 192.168.20.254
Nov 17 13:28:39 destgd0h003661 charon: 08[KNL] 192.168.20.254 is not a local address
Nov 17 13:28:39 destgd0h003661 charon: 08[KNL] getting interface name for 192.168.20.51
Nov 17 13:28:39 destgd0h003661 charon: 08[KNL] 192.168.20.51 is on interface eth1
Nov 17 13:28:39 destgd0h003661 charon: 08[LIB]   reading file '/etc/ipsec.d/certs/MyBTS1.pem' failed
Nov 17 13:28:39 destgd0h003661 charon: 08[LIB] failed to create a builder for credential type CRED_CERTIFICATE, subtype (1)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] added configuration 'net-net'
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] stroke message => 280 bytes @ 0xb316a150
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] received stroke: initiate 'net-net'
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_INIT task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_NATD task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_CERT_PRE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_AUTHENTICATE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_CERT_POST task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_CONFIG task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_AUTH_LIFETIME task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing CHILD_CREATE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating new tasks
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE]   activating IKE_INIT task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE]   activating IKE_NATD task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE]   activating IKE_CERT_PRE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE]   activating IKE_AUTHENTICATE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE]   activating IKE_CERT_POST task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE]   activating IKE_CONFIG task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE]   activating CHILD_CREATE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE]   activating IKE_AUTH_LIFETIME task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] IKE_SA net-net[1] state change: CREATED => CONNECTING
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] natd_chunk => 22 bytes @ 0x80a82f0
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] natd_hash => 20 bytes @ 0x80a72b8
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] natd_chunk => 22 bytes @ 0x80a82f0
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] natd_hash => 20 bytes @ 0x80a72b8
Nov 17 13:28:39 destgd0h003661 charon: 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Nov 17 13:28:39 destgd0h003661 charon: 10[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
Nov 17 13:28:39 destgd0h003661 charon: 14[NET] received packet: from 192.168.20.254[500] to 192.168.20.51[500]
Nov 17 13:28:39 destgd0h003661 charon: 14[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG] selecting proposal:
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG]   proposal matches
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] shared Diffie Hellman secret => 128 bytes @ 0x80a9738
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] SKEYSEED => 20 bytes @ 0x80a83d8
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_d secret => 20 bytes @ 0x80a83d8
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_ai secret => 20 bytes @ 0x80a7d50
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_ar secret => 20 bytes @ 0x80a7d50
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_ei secret => 24 bytes @ 0x80a8c40
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_er secret => 24 bytes @ 0x80a8c40
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_pi secret => 20 bytes @ 0x80a9490
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_pr secret => 20 bytes @ 0x80a5950
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] natd_chunk => 22 bytes @ 0x80a8c40
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] natd_hash => 20 bytes @ 0x80a8000
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] natd_chunk => 22 bytes @ 0x80a8c40
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] natd_hash => 20 bytes @ 0x80a97b0
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] precalculated src_hash => 20 bytes @ 0x80a97b0
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] precalculated dst_hash => 20 bytes @ 0x80a8000
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] received cert request for unknown ca with keyid 12:c4:8b:7e:aa:dd:51:29:cd:a1:17:18:a0:71:71:ff:60:79:bc:3b
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] reinitiating already active tasks
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE]   IKE_CERT_PRE task
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE]   IKE_AUTHENTICATE task
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] sending cert request for "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] no private key found for '192.168.20.51'
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] IKE_SA net-net[1] state change: CONNECTING => DESTROYING

---------

BTS1.pem:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 317 (0x13d)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless, CN=SwanRoot
        Validity
            Not Before: Nov 17 10:39:46 2010 GMT
            Not After : Nov 14 10:39:46 2020 GMT
        Subject: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE, pathlen:1
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                B5:3C:65:1A:86:11:F4:C1:B2:0E:BE:B9:5A:ED:0B:21:73:2A:9C:E1
            X509v3 Authority Key Identifier:
                DirName:/C=DE/ST=Germany/L=Stuttgart/O=Alcatel-Lucent/OU=Wireless/CN=SwanRoot
                serial:8E:05:6A:2B:17:47:C5:E8

            X509v3 Subject Alternative Name:
                email:swanClient at alcatel-lucent.com
    Signature Algorithm: sha1WithRSAEncryption

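A log triage example for the failure in the log above, added here and not part of the original post: it pairs each `reading file ... failed` line with any `loaded ... file` line for the same file name in a different directory, and also reports `no private key found` and key-material dumps (`SKEYSEED`, `Sk_* secret`) written to the log. The function name `triage`, the finding labels and the shortened sample lines are assumptions; the message formats are those shown in the strongSwan 4.3.4 log above.

```python
import posixpath
import re

# Constructed sample: lines shortened from the log in the post above
# (hostname replaced by "host", hex dumps left out).
SAMPLE_LOG = """\
Nov 17 13:28:39 host charon: 01[LIB]   loaded certificate file '/etc/ipsec.d/cacerts/MyBTS1.pem'
Nov 17 13:28:39 host charon: 01[CFG]   loaded private key file '/etc/ipsec.d/private/MyBTS1_key.pem'
Nov 17 13:28:39 host charon: 08[CFG]   leftcert=MyBTS1.pem
Nov 17 13:28:39 host charon: 08[LIB]   reading file '/etc/ipsec.d/certs/MyBTS1.pem' failed
Nov 17 13:28:39 host charon: 14[IKE] SKEYSEED => 20 bytes @ 0x80a83d8
Nov 17 13:28:39 host charon: 14[IKE] Sk_d secret => 20 bytes @ 0x80a83d8
Nov 17 13:28:39 host charon: 14[IKE] no private key found for '192.168.20.51'
"""

# Message formats as they appear in the strongSwan 4.3.4 log above;
# other versions may word them differently (assumption).
LOADED = re.compile(r"loaded (?:certificate|crl|private key) file '([^']+)'")
FAILED = re.compile(r"reading file '([^']+)' failed")
NO_KEY = re.compile(r"no private key found for '([^']+)'")
SECRET = re.compile(r"\] (shared Diffie Hellman secret|SKEYSEED|Sk_\w+ secret) =>")


def triage(log_text):
    """Return findings as tuples; the finding labels are hypothetical names."""
    lines = log_text.splitlines()

    # Pass 1: remember from which directories each file name was loaded.
    loaded_dirs = {}
    for line in lines:
        m = LOADED.search(line)
        if m:
            path = m.group(1)
            loaded_dirs.setdefault(posixpath.basename(path), set()).add(
                posixpath.dirname(path))

    findings = []
    secret_labels = set()
    # Pass 2: explain each failure using what pass 1 saw.
    for line in lines:
        m = FAILED.search(line)
        if m:
            path = m.group(1)
            name, wanted = posixpath.basename(path), posixpath.dirname(path)
            elsewhere = sorted(loaded_dirs.get(name, set()) - {wanted})
            if elsewhere:
                # Same file name was loaded, but from a different directory.
                findings.append(("misplaced_file", name, wanted, elsewhere[0]))
            else:
                findings.append(("missing_file", path))
            continue
        m = NO_KEY.search(line)
        if m:
            findings.append(("no_private_key", m.group(1)))
            continue
        m = SECRET.search(line)
        if m:
            # The log level in use writes IKE key material to the log.
            secret_labels.add(m.group(1))

    if secret_labels:
        findings.append(("key_material_logged", tuple(sorted(secret_labels))))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```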