[strongSwan] Configure RoadWarrior

carachi diego carachi83 at gmail.com
Tue Mar 26 18:39:38 CET 2013


Hello,
I am trying to configure a roadwarrior system between Linux Debian and
Windows XP.

I configure the gateway like in the example but it give me this error:

Mar 26 14:06:51 debian charon: 12[IKE] no trusted RSA public key found for '
diego at ipsec.org'
Mar 26 14:06:51 debian charon: 12[CFG] no alternative config found
Mar 26 14:06:51 debian charon: 12[ENC] generating INFORMATIONAL_V1 request
2480925513 [ HASH N(AUTH_FAILED) ]

How can I solve it?
Thank you very much.



LOG FILE

Mar 26 14:06:40 debian charon: 00[DMN] signal of type SIGINT received.
Shutting down
Mar 26 14:06:43 debian charon: 00[DMN] Starting IKE charon daemon
(strongSwan 5.0.2, Linux 2.6.32-5-amd64, x86_64)
Mar 26 14:06:43 debian charon: 00[CFG] loading ca certificates from
'/etc/ipsec.d/cacerts'
Mar 26 14:06:43 debian charon: 00[CFG]   loaded ca certificate "C=UK,
ST=Beds, L=Luton, O=Beds, OU=IT, CN=Beds CA, N=IPSec, E=root at ipsec.com"
from '/etc/ipsec.d/cacerts/ca.crt'
Mar 26 14:06:43 debian charon: 00[CFG] loading aa certificates from
'/etc/ipsec.d/aacerts'
Mar 26 14:06:43 debian charon: 00[CFG] loading ocsp signer certificates
from '/etc/ipsec.d/ocspcerts'
Mar 26 14:06:43 debian charon: 00[CFG] loading attribute certificates from
'/etc/ipsec.d/acerts'
Mar 26 14:06:43 debian charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 26 14:06:43 debian charon: 00[CFG] loading secrets from
'/etc/ipsec.secrets'
Mar 26 14:06:43 debian charon: 00[CFG]   loaded RSA private key from
'/etc/ipsec.d/private/gateway.key'
Mar 26 14:06:43 debian charon: 00[DMN] loaded plugins: charon curl
test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509
revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default
updown
Mar 26 14:06:43 debian charon: 00[JOB] spawning 16 worker threads
Mar 26 14:06:43 debian charon: 08[CFG] received stroke: add connection 'rw'
Mar 26 14:06:43 debian charon: 08[CFG]   loaded certificate "C=UK, ST=Beds,
L=Luton, O=Beds, OU=IT, CN=gateway, N=IPSec, E=root at ipsec.com" from
'gateway.crt'
Mar 26 14:06:43 debian charon: 08[CFG]   id 'gw.ipsec.com' not confirmed by
certificate, defaulting to 'C=UK, ST=Beds, L=Luton, O=Beds, OU=IT,
CN=gateway, N=IPSec, E=root at ipsec.com'
Mar 26 14:06:43 debian charon: 08[CFG] added configuration 'rw'
Mar 26 14:06:51 debian charon: 10[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)
Mar 26 14:06:51 debian charon: 10[ENC] parsed ID_PROT request 0 [ SA V V V
V V V V V V V V ]
Mar 26 14:06:51 debian charon: 10[IKE] received
draft-ietf-ipsec-nat-t-ike-00 vendor ID
Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
Mar 26 14:06:51 debian charon: 10[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 26 14:06:51 debian charon: 10[IKE] received
draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mar 26 14:06:51 debian charon: 10[IKE] received NAT-T (RFC 3947) vendor ID
Mar 26 14:06:51 debian charon: 10[IKE] received FRAGMENTATION vendor ID
Mar 26 14:06:51 debian charon: 10[IKE] received DPD vendor ID
Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
Mar 26 14:06:51 debian charon: 10[IKE] received Cisco Unity vendor ID
Mar 26 14:06:51 debian charon: 10[IKE] 172.16.151.141 is initiating a Main
Mode IKE_SA
Mar 26 14:06:51 debian charon: 10[ENC] generating ID_PROT response 0 [ SA V
V V ]
Mar 26 14:06:51 debian charon: 10[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (140 bytes)
Mar 26 14:06:51 debian charon: 11[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (365 bytes)
Mar 26 14:06:51 debian charon: 11[ENC] parsed ID_PROT request 0 [ KE No
CERTREQ NAT-D NAT-D ]
Mar 26 14:06:51 debian charon: 11[IKE] ignoring certificate request without
data
Mar 26 14:06:51 debian charon: 11[IKE] sending cert request for "C=UK,
ST=Beds, L=Luton, O=Beds, OU=IT, CN=Beds CA, N=IPSec, E=root at ipsec.com"
Mar 26 14:06:51 debian charon: 11[ENC] generating ID_PROT response 0 [ KE
No CERTREQ NAT-D NAT-D ]
Mar 26 14:06:51 debian charon: 11[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (517 bytes)
Mar 26 14:06:51 debian charon: 12[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (1564 bytes)
Mar 26 14:06:51 debian charon: 12[ENC] parsed ID_PROT request 0 [ ID CERT
SIG ]
Mar 26 14:06:51 debian charon: 12[IKE] received end entity cert "C=UK,
ST=Beds, L=Luton, O=Beds, OU=IT, CN=client, N=IPSec, E=root at ipsec.com"
Mar 26 14:06:51 debian charon: 12[CFG] looking for RSA signature peer
configs matching 172.16.151.100...172.16.151.141[diego at ipsec.org]
Mar 26 14:06:51 debian charon: 12[CFG] selected peer config "rw"
Mar 26 14:06:51 debian charon: 12[IKE] no trusted RSA public key found for '
diego at ipsec.org'
Mar 26 14:06:51 debian charon: 12[CFG] no alternative config found
Mar 26 14:06:51 debian charon: 12[ENC] generating INFORMATIONAL_V1 request
2480925513 [ HASH N(AUTH_FAILED) ]
Mar 26 14:06:51 debian charon: 12[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (92 bytes)
Mar 26 14:07:18 debian mpt-statusd: detected non-optimal RAID status












-- 
http://www.2dd.it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130326/5f373673/attachment.html>


More information about the Users mailing list