[strongSwan] Why a certificate error when we are using PSK....

Chris Arnold carnold at electrichendrix.com
Mon Apr 2 19:58:45 CEST 2012

and not certificates. We started to use certificates and then found that the solution we thought would meet our needs in fact would not meet our needs. So, we went with PSK. Now when trying to build the tunnel, we get:
ipsec up teknerds                                                                                                                                                                 
initiating IKE_SA teknerds[1] to sonicwall.publi.ip                                                                                                                                        
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]                                                                
sending packet: from[500] to sonicwall.publi.ip[500]                                                                                                                             
received packet: from sonicwall.publi.ip[500] to[500]                                                                                                                            
invalid X509 hash length (0)in certreq                                                                                                                                CERTIFICATE_REQUEST payload verification failed

Is this normal? If not, how do we fix it?                                                                                                     

More information about the Users mailing list