[strongSwan] Authentication Problem using certificates
Groebl, Laurence (Laurence)
laurence.groebl at alcatel-lucent.com
Wed Nov 17 13:55:54 CET 2010
Hello,
we have some problems with IKEv2 authentication with certificates.
We put our client certificate (MyBTS1.pem) into /etc/ipsec.d/cacerts, and the root certificate of the peer in /etc/ipsec.d/certs.
and got the following error: reading file '/etc/ipsec.d/certs/MyBTS1.pem' failed
However it seems that Strongswan finds the certificate since we get the following information from its certificate "MyBTS1.pem"
sending cert request for "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"
What is wrong in our configuration?
You can find the details below,
best regards,
Laurence
Nov 17 13:28:39 destgd0h003661 ipsec_starter[22089]: Starting strongSwan 4.3.4 IPsec [starter]...
Nov 17 13:28:39 destgd0h003661 charon: 01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.4)
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL] listening on interfaces:
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL] eth1
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL] 192.168.20.51
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL] fe80::217:3fff:fed0:772c
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL] eth0
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL] 149.204.17.51
Nov 17 13:28:39 destgd0h003661 charon: 01[KNL] fe80::224:81ff:fe1d:d4fa
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 17 13:28:39 destgd0h003661 charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/MyBTS1.pem'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 17 13:28:39 destgd0h003661 charon: 01[LIB] loaded crl file '/etc/ipsec.d/crls/crl_Myroot1.pem'
Nov 17 13:28:39 destgd0h003661 charon: 01[LIB] loaded crl file '/etc/ipsec.d/crls/crl_Myroot2.pem'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 17 13:28:39 destgd0h003661 charon: 01[CFG] loaded private key file '/etc/ipsec.d/private/MyBTS1_key.pem'
Nov 17 13:28:39 destgd0h003661 charon: 01[DMN] loaded plugins: curl ldap aes des sha1 sha2 md5 fips-prf random x509 pubkey openssl gcrypt xcbc hmac gmp kernel-netlink stroke updown attr resolv-conf
Nov 17 13:28:39 destgd0h003661 charon: 01[JOB] spawning 16 worker threads
Nov 17 13:28:39 destgd0h003661 ipsec_starter[22110]: charon (22111) started after 20 ms
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] stroke message => 272 bytes @ 0xb596f160
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 0: 10 01 79 B7 0C 00 00 00 FF FF FF FF 01 00 00 00 ..y.............
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 16: 18 66 B9 BF 6B 86 06 08 A0 89 01 00 60 A6 06 08 .f..k.......`...
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 32: 18 66 B9 BF F7 65 B9 BF 00 34 79 32 32 31 31 30 .f...e...4y22110
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 48: 08 00 00 00 74 86 06 08 10 00 00 00 08 00 00 00 ....t...........
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 64: F4 3F 79 B7 58 86 06 08 00 00 00 00 A0 53 79 B7 .?y.X........Sy.
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 80: 50 26 6A B7 13 68 6A B7 C0 2F 79 B7 02 00 00 00 P&j..hj../y.....
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 96: C0 41 06 08 08 20 00 00 F4 3F 79 B7 60 86 06 08 .A... ...?y.`...
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 112: 13 68 6A B7 E8 15 00 00 F0 56 79 B7 C0 76 63 B7 .hj......Vy..vc.
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 128: 03 39 6A B7 28 2A 06 08 00 00 00 00 F4 3F 79 B7 .9j.(*.......?y.
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 144: 50 A9 01 00 B0 86 06 08 28 2A 06 08 F4 3F 79 B7 P.......(*...?y.
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 160: A0 53 79 B7 00 00 00 00 C0 76 63 B7 DD 9F 6A B7 .Sy......vc...j.
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 176: 00 00 00 00 F4 3F 79 B7 F4 3F 79 B7 A0 53 79 B7 .....?y..?y..Sy.
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 192: 28 2A 06 08 C0 76 63 B7 DD 9F 6A B7 C0 76 63 B7 (*...vc...j..vc.
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 208: F4 3F 79 B7 F4 3F 79 B7 14 00 00 00 77 69 70 B7 .?y..?y.....wip.
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 224: 60 86 06 08 60 86 06 08 4C 00 00 00 00 40 00 00 `...`...L.... at ..
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 240: 00 34 79 B7 E0 39 79 B7 02 00 00 00 27 00 00 00 .4y..9y.....'...
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] 256: 1C 00 00 00 0D 00 00 00 11 00 00 00 0A 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 05[CFG] crl caching to /etc/ipsec.d/crls enabled
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] stroke message => 390 bytes @ 0xb416c0e0
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 0: 86 01 00 00 03 00 00 00 FF FF FF FF 10 01 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 16: 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 32: 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 48: 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 64: 01 00 00 00 18 01 00 00 2C 01 00 00 00 00 00 00 ........,.......
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 80: D0 70 00 00 80 70 00 00 80 16 00 00 01 00 00 00 .p...p..........
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 96: 64 00 00 00 3C 00 00 00 03 00 00 00 00 00 00 00 d...<...........
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 112: 00 00 00 00 00 00 00 00 40 01 00 00 00 00 00 00 ........ at .......
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 128: 00 00 00 00 00 00 00 00 00 00 00 00 47 01 00 00 ............G...
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 160: 00 00 00 00 52 01 00 00 00 00 00 00 01 00 00 00 ....R...........
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 176: 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 192: 00 00 00 00 60 01 00 00 00 00 00 00 00 00 00 00 ....`...........
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 224: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 240: 67 01 00 00 00 00 00 00 00 00 00 00 76 01 00 00 g...........v...
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 256: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 272: 6E 65 74 2D 6E 65 74 00 33 64 65 73 2D 73 68 61 net-net.3des-sha
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 288: 31 2D 6D 6F 64 70 31 30 32 34 21 00 33 64 65 73 1-modp1024!.3des
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 304: 2D 73 68 61 31 2D 6D 6F 64 70 31 30 32 34 21 00 -sha1-modp1024!.
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 320: 72 73 61 73 69 67 00 4D 79 42 54 53 31 2E 70 65 rsasig.MyBTS1.pe
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 336: 6D 00 31 39 32 2E 31 36 38 2E 32 30 2E 35 31 00 m.192.168.20.51.
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 352: 72 73 61 73 69 67 00 31 39 32 2E 31 36 38 2E 32 rsasig.192.168.2
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 368: 30 2E 32 35 34 00 31 39 32 2E 31 36 38 2E 33 30 0.254.192.168.30
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] 384: 2E 30 2F 32 34 00 .0/24.
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] received stroke: add connection 'net-net'
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] conn net-net
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] left=192.168.20.51
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftsubnet=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftsourceip=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftauth=rsasig
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftauth2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftid=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftid2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftcert=MyBTS1.pem
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftcert2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftca=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftca2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftgroups=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] leftupdown=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] right=192.168.20.254
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightsubnet=192.168.30.0/24
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightsourceip=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightauth=rsasig
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightauth2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightid=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightid2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightcert=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightcert2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightca=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightca2=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightgroups=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] rightupdown=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] eap_identity=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] ike=3des-sha1-modp1024!
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] esp=3des-sha1-modp1024!
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] mediation=no
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] mediated_by=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] me_peerid=(null)
Nov 17 13:28:39 destgd0h003661 charon: 08[KNL] getting interface name for 192.168.20.254
Nov 17 13:28:39 destgd0h003661 charon: 08[KNL] 192.168.20.254 is not a local address
Nov 17 13:28:39 destgd0h003661 charon: 08[KNL] getting interface name for 192.168.20.51
Nov 17 13:28:39 destgd0h003661 charon: 08[KNL] 192.168.20.51 is on interface eth1
Nov 17 13:28:39 destgd0h003661 charon: 08[LIB] reading file '/etc/ipsec.d/certs/MyBTS1.pem' failed
Nov 17 13:28:39 destgd0h003661 charon: 08[LIB] failed to create a builder for credential type CRED_CERTIFICATE, subtype (1)
Nov 17 13:28:39 destgd0h003661 charon: 08[CFG] added configuration 'net-net'
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] stroke message => 280 bytes @ 0xb316a150
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 0: 18 01 00 00 00 00 00 00 FF FF FF FF 10 01 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 16: 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 32: 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 48: 01 00 00 00 18 01 00 00 2C 01 00 00 00 00 00 00 ........,.......
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 64: D0 70 00 00 80 70 00 00 80 16 00 00 01 00 00 00 .p...p..........
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 80: 64 00 00 00 3C 00 00 00 03 00 00 00 00 00 00 00 d...<...........
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 96: 00 00 00 00 00 00 00 00 40 01 00 00 00 00 00 00 ........ at .......
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 112: 00 00 00 00 00 00 00 00 00 00 00 00 47 01 00 00 ............G...
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 144: 00 00 00 00 52 01 00 00 00 00 00 00 01 00 00 00 ....R...........
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 160: 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 176: 00 00 00 00 60 01 00 00 00 00 00 00 00 00 00 00 ....`...........
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 224: 67 01 00 00 00 00 00 00 00 00 00 00 76 01 00 00 g...........v...
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 240: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 256: 6E 65 74 2D 6E 65 74 00 33 64 65 73 2D 73 68 61 net-net.3des-sha
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] 272: 6E 65 74 2D 6E 65 74 00 net-net.
Nov 17 13:28:39 destgd0h003661 charon: 10[CFG] received stroke: initiate 'net-net'
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_INIT task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_NATD task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_CERT_PRE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_AUTHENTICATE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_CERT_POST task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_CONFIG task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing IKE_AUTH_LIFETIME task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] queueing CHILD_CREATE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating new tasks
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating IKE_INIT task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating IKE_NATD task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating IKE_CERT_PRE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating IKE_AUTHENTICATE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating IKE_CERT_POST task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating IKE_CONFIG task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating CHILD_CREATE task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] activating IKE_AUTH_LIFETIME task
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] IKE_SA net-net[1] state change: CREATED => CONNECTING
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] natd_chunk => 22 bytes @ 0x80a82f0
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] 0: 8B 18 D0 6F 40 1B 14 6F 00 00 00 00 00 00 00 00 ...o at ..o........
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] 16: C0 A8 14 FE 01 F4 ......
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] natd_hash => 20 bytes @ 0x80a72b8
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] 0: FF 8B 8D 69 15 94 12 15 CD 0E CB 78 62 51 41 BC ...i.......xbQA.
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] 16: FD 64 3E 36 .d>6
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] natd_chunk => 22 bytes @ 0x80a82f0
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] 0: 8B 18 D0 6F 40 1B 14 6F 00 00 00 00 00 00 00 00 ...o at ..o........
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] 16: C0 A8 14 33 01 F4 ...3..
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] natd_hash => 20 bytes @ 0x80a72b8
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] 0: 86 F7 C8 89 FE 61 D1 F8 B4 4A EB 95 48 7A 34 B5 .....a...J..Hz4.
Nov 17 13:28:39 destgd0h003661 charon: 10[IKE] 16: DB 7E 74 BA .~t.
Nov 17 13:28:39 destgd0h003661 charon: 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Nov 17 13:28:39 destgd0h003661 charon: 10[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
Nov 17 13:28:39 destgd0h003661 charon: 14[NET] received packet: from 192.168.20.254[500] to 192.168.20.51[500]
Nov 17 13:28:39 destgd0h003661 charon: 14[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG] selecting proposal:
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG] proposal matches
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 17 13:28:39 destgd0h003661 charon: 14[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] shared Diffie Hellman secret => 128 bytes @ 0x80a9738
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: EC 68 34 B0 F5 BD 62 59 30 58 A4 2F 95 0F 1C 2A .h4...bY0X./...*
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: D7 D6 E3 88 2C 52 70 39 F0 72 73 B8 76 5E 98 44 ....,Rp9.rs.v^.D
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 32: FF E2 22 76 9D 8F A8 C3 B9 6A 63 4B 90 80 A4 1D .."v.....jcK....
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 48: 59 35 7A E6 64 18 B6 9F DE F6 5C 17 A3 5E 6F 99 Y5z.d.....\..^o.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 64: 81 E9 A5 58 DF D3 C7 F5 B3 90 8D D1 50 4B 8E C2 ...X........PK..
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 80: F5 24 60 51 C5 1D C3 3D AB 4C 00 1B 8E D9 3A D6 .$`Q...=.L....:.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 96: 79 8E D5 D0 81 21 6A 47 DC 75 93 7F 8B C4 16 C2 y....!jG.u......
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 112: 8C E8 4C CC EE A4 10 56 72 99 D2 7E A5 3A 7F 5C ..L....Vr..~.:.\
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] SKEYSEED => 20 bytes @ 0x80a83d8
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 31 82 44 BC 61 81 DE F5 68 25 B1 89 4C AE BA 4C 1.D.a...h%..L..L
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: F6 A5 A7 53 ...S
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_d secret => 20 bytes @ 0x80a83d8
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 2A 49 57 20 1C 3C EB 52 95 21 47 71 9F 10 91 9D *IW .<.R.!Gq....
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: 0A A0 C7 E2 ....
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_ai secret => 20 bytes @ 0x80a7d50
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 47 30 43 D0 44 81 0F 39 0A 21 44 27 B4 45 E7 43 G0C.D..9.!D'.E.C
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: 5D B3 79 BE ].y.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_ar secret => 20 bytes @ 0x80a7d50
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 7F E4 49 0B 68 35 20 7A 12 90 7A 19 DE 5E 93 70 ..I.h5 z..z..^.p
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: 21 0B 41 B0 !.A.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_ei secret => 24 bytes @ 0x80a8c40
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 9A 3E 6F A8 DB 44 04 38 EF F2 7A 6D A3 E3 70 F9 .>o..D.8..zm..p.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: F5 64 4A 95 1B 97 F2 89 .dJ.....
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_er secret => 24 bytes @ 0x80a8c40
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: BB FE 7F 01 7B D1 3B 07 9F 52 E0 DE BB 6C 40 EB ....{.;..R...l at .
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: 29 E1 64 04 EA 20 82 77 ).d.. .w
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_pi secret => 20 bytes @ 0x80a9490
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 91 3A 86 49 1D 66 AB 72 F7 0D E1 40 A0 DA 83 32 .:.I.f.r... at ...2
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: 13 31 A8 0C .1..
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] Sk_pr secret => 20 bytes @ 0x80a5950
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: B4 64 C6 AE 1F 3A EF 79 D8 A7 8F 88 83 21 BD 48 .d...:.y.....!.H
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: B6 78 D8 85 .x..
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] natd_chunk => 22 bytes @ 0x80a8c40
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 8B 18 D0 6F 40 1B 14 6F E6 83 21 4A 2E EE 6D 3A ...o at ..o..!J..m:
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: C0 A8 14 33 01 F4 ...3..
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] natd_hash => 20 bytes @ 0x80a8000
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 18 41 FB 10 AC B2 EB 16 27 BA 2E 01 89 66 58 99 .A......'....fX.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: AC F7 4A E2 ..J.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] natd_chunk => 22 bytes @ 0x80a8c40
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 8B 18 D0 6F 40 1B 14 6F E6 83 21 4A 2E EE 6D 3A ...o at ..o..!J..m:
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: C0 A8 14 FE 01 F4 ......
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] natd_hash => 20 bytes @ 0x80a97b0
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: B4 87 15 9C 51 45 0D F9 C9 A1 6C 2A 3D D1 47 17 ....QE....l*=.G.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: BA F0 D8 B7 ....
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] precalculated src_hash => 20 bytes @ 0x80a97b0
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: B4 87 15 9C 51 45 0D F9 C9 A1 6C 2A 3D D1 47 17 ....QE....l*=.G.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: BA F0 D8 B7 ....
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] precalculated dst_hash => 20 bytes @ 0x80a8000
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 0: 18 41 FB 10 AC B2 EB 16 27 BA 2E 01 89 66 58 99 .A......'....fX.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] 16: AC F7 4A E2 ..J.
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] received cert request for unknown ca with keyid 12:c4:8b:7e:aa:dd:51:29:cd:a1:17:18:a0:71:71:ff:60:79:bc:3b
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] reinitiating already active tasks
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] IKE_CERT_PRE task
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] IKE_AUTHENTICATE task
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] sending cert request for "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] no private key found for '192.168.20.51'
Nov 17 13:28:39 destgd0h003661 charon: 14[IKE] IKE_SA net-net[1] state change: CONNECTING => DESTROYING
---------
BTS1.pem:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 317 (0x13d)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless, CN=SwanRoot
Validity
Not Before: Nov 17 10:39:46 2010 GMT
Not After : Nov 14 10:39:46 2020 GMT
Subject: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:cd:86:b6:3e:f8:06:d4:55:87:ae:ea:9b:f7:62:
22:35:db:7d:73:3f:50:aa:86:91:a6:fe:d6:69:bb:
64:ba:9b:00:ae:81:72:b0:b1:fa:be:85:5f:99:4b:
f7:05:e9:8a:1e:62:c5:5d:4b:9e:e0:17:f8:ad:7a:
f9:11:70:50:84:b2:e8:09:ee:d9:7d:5f:6b:b7:10:
e2:a2:b1:e7:9d:97:15:08:d0:ec:00:d3:ac:0a:de:
6d:81:b7:30:bf:1f:ec:3b:95:df:ec:36:96:0f:ea:
61:99:1e:4f:a3:38:87:4a:95:37:c8:92:48:ca:9b:
fc:92:d8:4f:f3:3b:cb:c2:89:71:fc:db:e4:ac:ba:
59:88:23:b8:be:ed:03:65:30:5c:a7:9c:b8:2f:34:
84:a4:70:42:1a:17:01:0e:fa:f2:05:02:ed:ca:57:
f9:d5:63:35:9e:8c:37:bd:b2:3a:cd:48:af:e9:a7:
66:24:06:fb:c1:b7:1a:dd:e7:fe:f5:f6:44:0d:f8:
e5:d9:0b:c5:9a:f9:95:fd:1b:ce:18:c2:99:5c:9a:
7d:37:e2:83:5e:cb:38:be:32:b1:3b:b6:25:55:77:
8b:24:8c:82:1b:95:79:7e:e7:ef:c5:4c:18:fd:77:
a0:f4:d6:d5:dc:f1:c3:1f:dd:b1:46:fd:34:29:4b:
6c:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE, pathlen:1
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
B5:3C:65:1A:86:11:F4:C1:B2:0E:BE:B9:5A:ED:0B:21:73:2A:9C:E1
X509v3 Authority Key Identifier:
DirName:/C=DE/ST=Germany/L=Stuttgart/O=Alcatel-Lucent/OU=Wireless/CN=SwanRoot
serial:8E:05:6A:2B:17:47:C5:E8
X509v3 Subject Alternative Name:
email:swanClient at alcatel-lucent.com
Signature Algorithm: sha1WithRSAEncryption
4c:e1:f1:02:a2:a6:a2:cc:ed:0d:98:23:a9:a1:12:36:37:33:
f5:40:b6:ec:a0:43:c2:2f:49:7d:7f:72:1f:52:03:54:fd:d6:
33:dc:37:d2:68:5a:02:9e:78:d9:3a:6a:b1:b2:a9:de:42:a9:
7e:4d:d1:8e:60:71:58:3f:6d:2a:06:42:74:cb:97:6b:3c:93:
93:78:06:0d:79:60:3a:48:06:28:e0:10:5d:30:10:64:81:01:
a0:83:32:84:7e:6b:b6:71:c2:77:2e:2b:06:47:a3:24:09:e5:
cc:21:f2:8a:89:d3:84:bc:2a:a7:24:60:f7:5a:de:79:89:6f:
a2:83:d7:37:4b:4c:65:02:d6:67:64:07:5b:69:49:1c:a9:26:
43:e1:b2:ef:cc:31:be:fa:92:db:09:1e:62:08:9f:17:ed:bd:
2e:a3:43:90:82:b2:97:a8:c7:86:4c:dc:13:b7:dd:ea:34:12:
f6:44:72:57:b3:2b:c0:99:d6:e7:7b:5e:dc:93:44:b5:d6:89:
8f:9a:09:01:6c:06:6c:ab:5a:f0:54:62:a3:28:0a:ee:f0:0b:
63:e8:f1:c1:20:a9:b4:0e:77:90:99:9e:30:ff:55:33:4d:9d:
93:9d:a8:47:cb:35:58:f5:73:9d:8a:1f:76:85:bc:a9:96:87:
d8:9d:7b:cc
-----BEGIN CERTIFICATE-----
MIIEVTCCAz2gAwIBAgICAT0wDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UEBhMCREUx
EDAOBgNVBAgTB0dlcm1hbnkxEjAQBgNVBAcTCVN0dXR0Z2FydDEXMBUGA1UEChMO
QWxjYXRlbC1MdWNlbnQxETAPBgNVBAsTCFdpcmVsZXNzMREwDwYDVQQDEwhTd2Fu
Um9vdDAeFw0xMDExMTcxMDM5NDZaFw0yMDExMTQxMDM5NDZaMEgxCzAJBgNVBAYT
AkRFMRcwFQYDVQQKEw5BbGNhdGVsLUx1Y2VudDERMA8GA1UECxMIV2lyZWxlc3Mx
DTALBgNVBAMTBFNXQU4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN
hrY++AbUVYeu6pv3YiI1231zP1CqhpGm/tZpu2S6mwCugXKwsfq+hV+ZS/cF6Yoe
YsVdS57gF/itevkRcFCEsugJ7tl9X2u3EOKiseedlxUI0OwA06wK3m2BtzC/H+w7
ld/sNpYP6mGZHk+jOIdKlTfIkkjKm/yS2E/zO8vCiXH82+SsulmII7i+7QNlMFyn
nLgvNISkcEIaFwEO+vIFAu3KV/nVYzWejDe9sjrNSK/pp2YkBvvBtxrd5/719kQN
+OXZC8Wa+ZX9G84Ywplcmn034oNeyzi+MrE7tiVVd4skjIIblXl+5+/FTBj9d6D0
1tXc8cMf3bFG/TQpS2ypAgMBAAGjggEdMIIBGTAPBgNVHRMECDAGAQH/AgEBMCwG
CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQUtTxlGoYR9MGyDr65Wu0LIXMqnOEwgY4GA1UdIwSBhjCBg6F2pHQwcjEL
MAkGA1UEBhMCREUxEDAOBgNVBAgTB0dlcm1hbnkxEjAQBgNVBAcTCVN0dXR0Z2Fy
dDEXMBUGA1UEChMOQWxjYXRlbC1MdWNlbnQxETAPBgNVBAsTCFdpcmVsZXNzMREw
DwYDVQQDEwhTd2FuUm9vdIIJAI4FaisXR8XoMCgGA1UdEQQhMB+BHXN3YW5DbGll
bnRAYWxjYXRlbC1sdWNlbnQuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQBM4fECoqai
zO0NmCOpoRI2NzP1QLbsoEPCL0l9f3IfUgNU/dYz3DfSaFoCnnjZOmqxsqneQql+
TdGOYHFYP20qBkJ0y5drPJOTeAYNeWA6SAYo4BBdMBBkgQGggzKEfmu2ccJ3LisG
R6MkCeXMIfKKidOEvCqnJGD3Wt55iW+ig9c3S0xlAtZnZAdbaUkcqSZD4bLvzDG+
+pLbCR5iCJ8X7b0uo0OQgrKXqMeGTNwTt93qNBL2RHJXsyvAmdbne17ck0S11omP
mgkBbAZsq1rwVGKjKAru8Atj6PHBIKm0DneQmZ4w/1UzTZ2TnahHyzVY9XOdih92
hbyplofYnXvM
-----END CERTIFICATE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101117/81674720/attachment.html>
More information about the Users
mailing list