[strongSwan] policy missing in issuing certificate/no trusted RSA public key found/deleting IKE_SA

Damien Benoist dams.benoist at gmail.com
Fri Jun 21 16:17:48 CEST 2013


Hi,

I'm trying to start a VPN and I can't reach hosts inside it.
I get "No route to host" when trying to connect.
Below are some commands and their outputs.
I'm really in the dark, can someone enlighten me?

Thanks for your help.


When starting the VPN connection, I get the following log messages:

charon: 02[CFG] certificate status is not available
charon: 02[CFG] policy 1.2.250.1.141.1.1.1 missing in issuing certificate '...'
charon: 02[IKE] no trusted RSA public key found for '...'
charon: 02[IKE] deleting IKE_SA cnx[1] between <local IP>[...]...<remote IP>[...]
charon: 02[IKE] sending DELETE for IKE_SA cnx[1]

# ipsec up cnx
...
connection 'cnx' established successfully

# telnet <someHostIpInTheVPN> 443
Trying <someHostIpInTheVPN>...
telnet: Unable to connect to remote host: No route to host

# ipsec statusall
...
Security Associations (0 up, 0 connecting):
  none

# ipsec --version
Linux strongSwan U5.0.4/K3.2.0-4-amd64
...

# cat ipsec.conf
config setup
        # strictcrlpolicy=yes
        # uniqueids = no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1

conn cnt
        ike=3des-sha1-modp1024!
        left=<local ip>
        leftcert=crt.pem
        leftauth=pubkey
        leftauth2=xauth
        leftfirewall=yes
        right=<remote IP>
        rightid="..."
        rightauth=pubkey
        auto=add



