[strongSwan] Configure RoadWarrior

carachi diego carachi83 at gmail.com
Thu Mar 28 14:43:39 CET 2013


Hello Andreas,
Thank you very much! I solved the Certificates problem and now the end
point is able to connect to the server but It can't ping the inside network
of the server and it give this error:

Mar 28 10:17:20 debian charon: 13[ENC] generating INFORMATIONAL_V1 request
656008616 [ HASH N(DPD_ACK) ]
Mar 28 10:17:20 debian charon: 13[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (92 bytes)
Mar 28 10:17:25 debian charon: 14[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (684 bytes)
Mar 28 10:17:25 debian charon: 14[ENC] parsed QUICK_MODE request 2854336081
[ HASH SA No ID ID ]
Mar 28 10:17:25 debian charon: 14[ENC] received HASH payload does not match
Mar 28 10:17:25 debian charon: 14[IKE] integrity check failed

I try to understand to possible cause of this error but I didn't understart
why the integrity failed.
Thank you very much

Diego



Mar 28 10:16:21 debian charon: 00[DMN] Starting IKE charon daemon
(strongSwan 5.0.2, Linux 2.6.32-5-amd64, x86_64)
Mar 28 10:16:21 debian charon: 00[CFG] loading ca certificates from
'/etc/ipsec.d/cacerts'
Mar 28 10:16:21 debian charon: 00[CFG]   loaded ca certificate "C=UK,
ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com" from
'/etc/ipsec.d/cacerts/strongswanCert.pem'
Mar 28 10:16:21 debian charon: 00[CFG] loading aa certificates from
'/etc/ipsec.d/aacerts'
Mar 28 10:16:21 debian charon: 00[CFG] loading ocsp signer certificates
from '/etc/ipsec.d/ocspcerts'
Mar 28 10:16:21 debian charon: 00[CFG] loading attribute certificates from
'/etc/ipsec.d/acerts'
Mar 28 10:16:21 debian charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 28 10:16:21 debian charon: 00[CFG] loading secrets from
'/etc/ipsec.secrets'
Mar 28 10:16:21 debian charon: 00[CFG]   loaded RSA private key from
'/etc/ipsec.d/private/gatewayKey.pem'
Mar 28 10:16:21 debian charon: 00[DMN] loaded plugins: charon curl
test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509
revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default
updown
Mar 28 10:16:21 debian charon: 00[JOB] spawning 16 worker threads
Mar 28 10:16:21 debian charon: 08[CFG] received stroke: add connection 'rw'
Mar 28 10:16:21 debian charon: 08[CFG]   loaded certificate "C=UK,
ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com" from
'gatewayCert.pem'
Mar 28 10:16:21 debian charon: 08[CFG]   id 'ipsec.org' not confirmed by
certificate, defaulting to 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=
root at ipsec.com'
Mar 28 10:16:21 debian charon: 08[CFG] added configuration 'rw'
Mar 28 10:16:50 debian charon: 09[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)
Mar 28 10:16:50 debian charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V
V V V V V V V V ]
Mar 28 10:16:50 debian charon: 09[IKE] received
draft-ietf-ipsec-nat-t-ike-00 vendor ID
Mar 28 10:16:50 debian charon: 09[ENC] received unknown vendor ID:
16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
Mar 28 10:16:50 debian charon: 09[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 28 10:16:50 debian charon: 09[IKE] received
draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mar 28 10:16:50 debian charon: 09[IKE] received NAT-T (RFC 3947) vendor ID
Mar 28 10:16:50 debian charon: 09[IKE] received FRAGMENTATION vendor ID
Mar 28 10:16:50 debian charon: 09[IKE] received DPD vendor ID
Mar 28 10:16:50 debian charon: 09[ENC] received unknown vendor ID:
f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
Mar 28 10:16:50 debian charon: 09[ENC] received unknown vendor ID:
16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
Mar 28 10:16:50 debian charon: 09[ENC] received unknown vendor ID:
84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
Mar 28 10:16:50 debian charon: 09[IKE] received Cisco Unity vendor ID
Mar 28 10:16:50 debian charon: 09[IKE] 172.16.151.141 is initiating a Main
Mode IKE_SA
Mar 28 10:16:50 debian charon: 09[ENC] generating ID_PROT response 0 [ SA V
V V ]
Mar 28 10:16:50 debian charon: 09[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (140 bytes)
Mar 28 10:16:50 debian charon: 10[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (365 bytes)
Mar 28 10:16:50 debian charon: 10[ENC] parsed ID_PROT request 0 [ KE No
CERTREQ NAT-D NAT-D ]
Mar 28 10:16:50 debian charon: 10[IKE] ignoring certificate request without
data
Mar 28 10:16:50 debian charon: 10[IKE] sending cert request for "C=UK,
ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Mar 28 10:16:50 debian charon: 10[ENC] generating ID_PROT response 0 [ KE
No CERTREQ NAT-D NAT-D ]
Mar 28 10:16:50 debian charon: 10[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (499 bytes)
Mar 28 10:16:50 debian charon: 11[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (1148 bytes)
Mar 28 10:16:50 debian charon: 11[ENC] parsed ID_PROT request 0 [ ID CERT
SIG ]
Mar 28 10:16:50 debian charon: 11[IKE] received end entity cert "C=UK,
ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Mar 28 10:16:50 debian charon: 11[CFG] looking for RSA signature peer
configs matching 172.16.151.100...172.16.151.141[C=UK, ST=Luton, O=Beds,
OU=IT, CN=ipsec, E=root at ipsec.com]
Mar 28 10:16:50 debian charon: 11[CFG] selected peer config "rw"
Mar 28 10:16:50 debian charon: 11[CFG]   using certificate "C=UK, ST=Luton,
O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Mar 28 10:16:50 debian charon: 11[CFG]   using trusted ca certificate
"C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Mar 28 10:16:50 debian charon: 11[CFG] checking certificate status of
"C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Mar 28 10:16:50 debian charon: 11[CFG] certificate status is not available
Mar 28 10:16:50 debian charon: 11[CFG]   reached self-signed root ca with a
path length of 0
Mar 28 10:16:50 debian charon: 11[IKE] authentication of 'C=UK, ST=Luton,
O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com' with RSA successful
Mar 28 10:16:50 debian charon: 11[IKE] authentication of 'C=UK, ST=Luton,
O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com' (myself) successful
Mar 28 10:16:50 debian charon: 11[IKE] IKE_SA rw[1] established between
172.16.151.100[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2,
E=root at ipsec.com]...172.16.151.141[C=UK,
ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com]
Mar 28 10:16:50 debian charon: 11[IKE] scheduling reauthentication in 3385s
Mar 28 10:16:50 debian charon: 11[IKE] maximum IKE_SA lifetime 3565s
Mar 28 10:16:50 debian charon: 11[IKE] sending end entity cert "C=UK,
ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com"
Mar 28 10:16:50 debian charon: 11[ENC] generating ID_PROT response 0 [ ID
CERT SIG ]
Mar 28 10:16:50 debian charon: 11[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (1148 bytes)
Mar 28 10:16:50 debian charon: 13[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
Mar 28 10:16:50 debian charon: 13[ENC] parsed INFORMATIONAL_V1 request
3664072698 [ HASH N(INITIAL_CONTACT) ]
Mar 28 10:16:50 debian charon: 14[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (76 bytes)
Mar 28 10:16:50 debian charon: 14[ENC] parsed TRANSACTION request
2518917709 [ HASH CP ]
Mar 28 10:16:50 debian charon: 14[ENC] generating TRANSACTION response
2518917709 [ HASH CP ]
Mar 28 10:16:50 debian charon: 14[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
Mar 28 10:16:56 debian charon: 15[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (684 bytes)
Mar 28 10:16:56 debian charon: 15[ENC] parsed QUICK_MODE request 2858606142
[ HASH SA No ID ID ]
Mar 28 10:16:56 debian charon: 15[IKE] no matching CHILD_SA config found
Mar 28 10:16:56 debian charon: 15[ENC] generating INFORMATIONAL_V1 request
2459621628 [ HASH N(INVAL_ID) ]
Mar 28 10:16:56 debian charon: 15[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
Mar 28 10:17:01 debian charon: 07[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (684 bytes)
Mar 28 10:17:01 debian charon: 07[IKE] received retransmit of request with
ID 2858606142, but no response to retransmit
Mar 28 10:17:01 debian /USR/SBIN/CRON[3245]: (root) CMD (   cd / &&
run-parts --report /etc/cron.hourly)
Mar 28 10:17:05 debian charon: 08[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
Mar 28 10:17:05 debian charon: 08[ENC] parsed INFORMATIONAL_V1 request
4147076213 [ HASH N(DPD) ]
Mar 28 10:17:05 debian charon: 08[ENC] generating INFORMATIONAL_V1 request
2369021677 [ HASH N(DPD_ACK) ]
Mar 28 10:17:05 debian charon: 08[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (92 bytes)
Mar 28 10:17:06 debian charon: 09[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (684 bytes)
Mar 28 10:17:06 debian charon: 09[ENC] parsed QUICK_MODE request 2858606142
[ HASH SA No ID ID ]
Mar 28 10:17:06 debian charon: 09[ENC] received HASH payload does not match
Mar 28 10:17:06 debian charon: 09[IKE] integrity check failed
Mar 28 10:17:06 debian charon: 09[ENC] generating INFORMATIONAL_V1 request
1652775182 [ HASH N(INVAL_HASH) ]
Mar 28 10:17:06 debian charon: 09[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
Mar 28 10:17:06 debian charon: 09[IKE] QUICK_MODE request with message ID
2858606142 processing failed
Mar 28 10:17:11 debian charon: 10[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (684 bytes)
Mar 28 10:17:11 debian charon: 10[ENC] parsed QUICK_MODE request 2858606142
[ HASH SA No ID ID ]
Mar 28 10:17:11 debian charon: 10[ENC] received HASH payload does not match
Mar 28 10:17:11 debian charon: 10[IKE] integrity check failed
Mar 28 10:17:11 debian charon: 10[ENC] generating INFORMATIONAL_V1 request
1887643626 [ HASH N(INVAL_HASH) ]
Mar 28 10:17:11 debian charon: 10[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
Mar 28 10:17:11 debian charon: 10[IKE] QUICK_MODE request with message ID
2858606142 processing failed
Mar 28 10:17:20 debian charon: 11[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (684 bytes)
Mar 28 10:17:20 debian charon: 11[ENC] parsed QUICK_MODE request 2854336081
[ HASH SA No ID ID ]
Mar 28 10:17:20 debian charon: 11[IKE] no matching CHILD_SA config found
Mar 28 10:17:20 debian charon: 11[ENC] generating INFORMATIONAL_V1 request
1010882080 [ HASH N(INVAL_ID) ]
Mar 28 10:17:20 debian charon: 11[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
Mar 28 10:17:20 debian charon: 13[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
Mar 28 10:17:20 debian charon: 13[ENC] parsed INFORMATIONAL_V1 request
1184807654 [ HASH N(DPD) ]
Mar 28 10:17:20 debian charon: 13[ENC] generating INFORMATIONAL_V1 request
656008616 [ HASH N(DPD_ACK) ]
Mar 28 10:17:20 debian charon: 13[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (92 bytes)
Mar 28 10:17:25 debian charon: 14[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (684 bytes)
Mar 28 10:17:25 debian charon: 14[ENC] parsed QUICK_MODE request 2854336081
[ HASH SA No ID ID ]
Mar 28 10:17:25 debian charon: 14[ENC] received HASH payload does not match
Mar 28 10:17:25 debian charon: 14[IKE] integrity check failed
Mar 28 10:17:25 debian charon: 14[ENC] generating INFORMATIONAL_V1 request
1598670743 [ HASH N(INVAL_HASH) ]
Mar 28 10:17:25 debian charon: 14[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
Mar 28 10:17:25 debian charon: 14[IKE] QUICK_MODE request with message ID
2854336081 processing failed
Mar 28 10:17:30 debian charon: 15[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (684 bytes)
Mar 28 10:17:30 debian charon: 15[ENC] parsed QUICK_MODE request 2854336081
[ HASH SA No ID ID ]
Mar 28 10:17:30 debian charon: 15[ENC] received HASH payload does not match
Mar 28 10:17:30 debian charon: 15[IKE] integrity check failed
Mar 28 10:17:30 debian charon: 15[ENC] generating INFORMATIONAL_V1 request
270764453 [ HASH N(INVAL_HASH) ]
Mar 28 10:17:30 debian charon: 15[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
Mar 28 10:17:30 debian charon: 15[IKE] QUICK_MODE request with message ID
2854336081 processing failed
Mar 28 10:17:35 debian charon: 07[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (684 bytes)
Mar 28 10:17:35 debian charon: 07[ENC] parsed QUICK_MODE request 2854336081
[ HASH SA No ID ID ]
Mar 28 10:17:35 debian charon: 07[IKE] no matching CHILD_SA config found
Mar 28 10:17:35 debian charon: 07[ENC] generating INFORMATIONAL_V1 request
208760445 [ HASH N(INVAL_ID) ]
Mar 28 10:17:35 debian charon: 07[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
Mar 28 10:17:35 debian charon: 08[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
Mar 28 10:17:35 debian charon: 08[ENC] parsed INFORMATIONAL_V1 request
744212579 [ HASH N(DPD) ]
Mar 28 10:17:35 debian charon: 08[ENC] generating INFORMATIONAL_V1 request
3492499132 [ HASH N(DPD_ACK) ]
Mar 28 10:17:35 debian charon: 08[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (92 bytes)
Mar 28 10:17:50 debian charon: 09[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
Mar 28 10:17:50 debian charon: 09[ENC] parsed INFORMATIONAL_V1 request
898383404 [ HASH N(DPD) ]
Mar 28 10:17:50 debian charon: 09[ENC] generating INFORMATIONAL_V1 request
664623676 [ HASH N(DPD_ACK) ]
Mar 28 10:17:50 debian charon: 09[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (92 bytes)
Mar 28 10:18:05 debian charon: 10[NET] received packet: from
172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
Mar 28 10:18:05 debian charon: 10[ENC] parsed INFORMATIONAL_V1 request
3987655548 [ HASH N(DPD) ]
Mar 28 10:18:05 debian charon: 10[ENC] generating INFORMATIONAL_V1 request
896853964 [ HASH N(DPD_ACK) ]
Mar 28 10:18:05 debian charon: 10[NET] sending packet: from
172.16.151.100[500] to 172.16.151.141[500] (92 bytes)




2013/3/26 Andreas Steffen <andreas.steffen at strongswan.org>

> Hi Diego,
>
> either the IKE identity "diego at ipsec.org" must be contained as a
> subjectAltName in the client certificate or the IKE identity must be
> ""C=UK, ST=Beds, L=Luton, O=Beds, OU=IT, CN=client, N=IPSec,
> E=root at ipsec.com".
>
> Regards
>
> Andreas
>
>  On 03/26/2013 06:39 PM, carachi diego wrote:
> > Hello,
> > I am trying to configure a roadwarrior system between Linux Debian and
> > Windows XP.
> >
> > I configure the gateway like in the example but it give me this error:
> >
> > Mar 26 14:06:51 debian charon: 12[IKE] no trusted RSA public key found
> > for 'diego at ipsec.org <mailto:diego at ipsec.org>'
> > Mar 26 14:06:51 debian charon: 12[CFG] no alternative config found
> > Mar 26 14:06:51 debian charon: 12[ENC] generating INFORMATIONAL_V1
> > request 2480925513 [ HASH N(AUTH_FAILED) ]
> >
> > How can I solve it?
> > Thank you very much.
> >
> >
> >
> > LOG FILE
> >
> > Mar 26 14:06:40 debian charon: 00[DMN] signal of type SIGINT received.
> > Shutting down
> > Mar 26 14:06:43 debian charon: 00[DMN] Starting IKE charon daemon
> > (strongSwan 5.0.2, Linux 2.6.32-5-amd64, x86_64)
> > Mar 26 14:06:43 debian charon: 00[CFG] loading ca certificates from
> > '/etc/ipsec.d/cacerts'
> > Mar 26 14:06:43 debian charon: 00[CFG]   loaded ca certificate "C=UK,
> > ST=Beds, L=Luton, O=Beds, OU=IT, CN=Beds CA, N=IPSec, E=root at ipsec.com
> > <mailto:root at ipsec.com>" from '/etc/ipsec.d/cacerts/ca.crt'
> > Mar 26 14:06:43 debian charon: 00[CFG] loading aa certificates from
> > '/etc/ipsec.d/aacerts'
> > Mar 26 14:06:43 debian charon: 00[CFG] loading ocsp signer certificates
> > from '/etc/ipsec.d/ocspcerts'
> > Mar 26 14:06:43 debian charon: 00[CFG] loading attribute certificates
> > from '/etc/ipsec.d/acerts'
> > Mar 26 14:06:43 debian charon: 00[CFG] loading crls from
> '/etc/ipsec.d/crls'
> > Mar 26 14:06:43 debian charon: 00[CFG] loading secrets from
> > '/etc/ipsec.secrets'
> > Mar 26 14:06:43 debian charon: 00[CFG]   loaded RSA private key from
> > '/etc/ipsec.d/private/gateway.key'
> > Mar 26 14:06:43 debian charon: 00[DMN] loaded plugins: charon curl
> > test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509
> > revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink
> > socket-default updown
> > Mar 26 14:06:43 debian charon: 00[JOB] spawning 16 worker threads
> > Mar 26 14:06:43 debian charon: 08[CFG] received stroke: add connection
> 'rw'
> > Mar 26 14:06:43 debian charon: 08[CFG]   loaded certificate "C=UK,
> > ST=Beds, L=Luton, O=Beds, OU=IT, CN=gateway, N=IPSec, E=root at ipsec.com
> > <mailto:root at ipsec.com>" from 'gateway.crt'
> > Mar 26 14:06:43 debian charon: 08[CFG]   id 'gw.ipsec.com
> > <http://gw.ipsec.com>' not confirmed by certificate, defaulting to
> > 'C=UK, ST=Beds, L=Luton, O=Beds, OU=IT, CN=gateway, N=IPSec,
> > E=root at ipsec.com <mailto:root at ipsec.com>'
> > Mar 26 14:06:43 debian charon: 08[CFG] added configuration 'rw'
> > Mar 26 14:06:51 debian charon: 10[NET] received packet: from
> > 172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)
> > Mar 26 14:06:51 debian charon: 10[ENC] parsed ID_PROT request 0 [ SA V V
> > V V V V V V V V V ]
> > Mar 26 14:06:51 debian charon: 10[IKE] received
> > draft-ietf-ipsec-nat-t-ike-00 vendor ID
> > Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
> > 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
> > Mar 26 14:06:51 debian charon: 10[IKE] received
> > draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> > Mar 26 14:06:51 debian charon: 10[IKE] received
> > draft-ietf-ipsec-nat-t-ike-03 vendor ID
> > Mar 26 14:06:51 debian charon: 10[IKE] received NAT-T (RFC 3947) vendor
> ID
> > Mar 26 14:06:51 debian charon: 10[IKE] received FRAGMENTATION vendor ID
> > Mar 26 14:06:51 debian charon: 10[IKE] received DPD vendor ID
> > Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
> > f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
> > Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
> > 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
> > Mar 26 14:06:51 debian charon: 10[ENC] received unknown vendor ID:
> > 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
> > Mar 26 14:06:51 debian charon: 10[IKE] received Cisco Unity vendor ID
> > Mar 26 14:06:51 debian charon: 10[IKE] 172.16.151.141 is initiating a
> > Main Mode IKE_SA
> > Mar 26 14:06:51 debian charon: 10[ENC] generating ID_PROT response 0 [
> > SA V V V ]
> > Mar 26 14:06:51 debian charon: 10[NET] sending packet: from
> > 172.16.151.100[500] to 172.16.151.141[500] (140 bytes)
> > Mar 26 14:06:51 debian charon: 11[NET] received packet: from
> > 172.16.151.141[500] to 172.16.151.100[500] (365 bytes)
> > Mar 26 14:06:51 debian charon: 11[ENC] parsed ID_PROT request 0 [ KE No
> > CERTREQ NAT-D NAT-D ]
> > Mar 26 14:06:51 debian charon: 11[IKE] ignoring certificate request
> > without data
> > Mar 26 14:06:51 debian charon: 11[IKE] sending cert request for "C=UK,
> > ST=Beds, L=Luton, O=Beds, OU=IT, CN=Beds CA, N=IPSec, E=root at ipsec.com
> > <mailto:root at ipsec.com>"
> > Mar 26 14:06:51 debian charon: 11[ENC] generating ID_PROT response 0 [
> > KE No CERTREQ NAT-D NAT-D ]
> > Mar 26 14:06:51 debian charon: 11[NET] sending packet: from
> > 172.16.151.100[500] to 172.16.151.141[500] (517 bytes)
> > Mar 26 14:06:51 debian charon: 12[NET] received packet: from
> > 172.16.151.141[500] to 172.16.151.100[500] (1564 bytes)
> > Mar 26 14:06:51 debian charon: 12[ENC] parsed ID_PROT request 0 [ ID
> > CERT SIG ]
> > Mar 26 14:06:51 debian charon: 12[IKE] received end entity cert "C=UK,
> > ST=Beds, L=Luton, O=Beds, OU=IT, CN=client, N=IPSec, E=root at ipsec.com
> > <mailto:root at ipsec.com>"
> > Mar 26 14:06:51 debian charon: 12[CFG] looking for RSA signature peer
> > configs matching 172.16.151.100...172.16.151.141[diego at ipsec.org
> > <mailto:diego at ipsec.org>]
> > Mar 26 14:06:51 debian charon: 12[CFG] selected peer config "rw"
> > Mar 26 14:06:51 debian charon: 12[IKE] no trusted RSA public key found
> > for 'diego at ipsec.org <mailto:diego at ipsec.org>'
> > Mar 26 14:06:51 debian charon: 12[CFG] no alternative config found
> > Mar 26 14:06:51 debian charon: 12[ENC] generating INFORMATIONAL_V1
> > request 2480925513 [ HASH N(AUTH_FAILED) ]
> > Mar 26 14:06:51 debian charon: 12[NET] sending packet: from
> > 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)
> > Mar 26 14:07:18 debian mpt-statusd: detected non-optimal RAID status
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>


-- 
http://www.2dd.it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130328/435157b0/attachment.html>


More information about the Users mailing list