[strongSwan] policy missing in issuing certificate/no trusted RSA public key found/deleting IKE_SA
Damien Benoist
dams.benoist at gmail.com
Fri Jun 21 16:17:48 CEST 2013
Hi,
I'm trying to start a VPN and I can't reach hosts inside it.
I get "No route to host" when trying to connect.
Below are some commands and their outputs.
I'm really in the dark, can someone enlighten me?
Thanks for your help.
When starting the VPN connection I get the following log messages:
charon: 02[CFG] certificate status is not available
charon: 02[CFG] policy 1.2.250.1.141.1.1.1 missing in issuing certificate '...'
charon: 02[IKE] no trusted RSA public key found for '...'
charon: 02[IKE] deleting IKE_SA cnx[1] between <local IP>[...]...<remote IP>[...]
charon: 02[IKE] sending DELETE for IKE_SA cnx[1]
# ipsec up cnx
...
connection 'cnx' established successfully
# telnet <someHostIpInTheVPN> 443
Trying <someHostIpInTheVPN>...
telnet: Unable to connect to remote host: No route to host
# ipsec statusall
...
Security Associations (0 up, 0 connecting):
none
# ipsec --version
Linux strongSwan U5.0.4/K3.2.0-4-amd64
...
# cat ipsec.conf
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1

conn cnt
    ike=3des-sha1-modp1024!
    left=<local ip>
    leftcert=crt.pem
    leftauth=pubkey
    leftauth2=xauth
    leftfirewall=yes
    right=<remote IP>
    rightid="..."
    rightauth=pubkey
    auto=add