[strongSwan] questions on syslog output; linux server/mac client RSA certificate auth
martin at strongswan.org
Wed Dec 17 10:08:52 CET 2014
> 14[CFG] looking for RSA signature peer configs matching vpn_ip...client_ip[C=US, O=ThatsUs, CN=myemailaddr]

> Would this be as expected? I can't figure out why it isn't trying to
> match to the vpn host certificate.

Before looking for certificates, strongSwan looks for a configuration
that matches the proposed identities and authentication method.

> 14[IKE] found 1 matching config, but none allows RSA signature authentication using Main Mode

> Can anyone tell me what this means?

It means that the daemon couldn't find a configuration for that client
that uses RSA authentication with Main Mode.

> 07[CFG] rightauth=pubkey
> 07[CFG] rightauth2=xauth-noauth

Your config uses XAuth, that is, RSA followed by username/password
authentication. This is not the same as the client expects; try to
remove the rightauth2 line to use RSA authentication only.
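
An added example, not part of the original message and not strongSwan code: a small Python check that reads charon syslog lines like the ones quoted in this thread and reports when an RSA-only proposal was rejected because the loaded config adds an XAuth round. The sample log is constructed from the lines quoted above; the function name `diagnose` and the assumption that the log describes a single conn are assumptions of this example.

```python
import re

# Constructed sample: the charon syslog lines quoted in the thread above.
SAMPLE_LOG = """\
07[CFG] rightauth=pubkey
07[CFG] rightauth2=xauth-noauth
14[CFG] looking for RSA signature peer configs matching vpn_ip...client_ip[C=US, O=ThatsUs, CN=myemailaddr]
14[IKE] found 1 matching config, but none allows RSA signature authentication using Main Mode
"""

LINE = re.compile(r"^(\d+)\[(\w+)\]\s+(.*)$")      # thread id, log group, message
AUTH = re.compile(r"^rightauth(2?)=(\S+)$")        # first or second auth round
REJECT = re.compile(r"^found (\d+) matching config, but none allows "
                    r"(.+?) authentication using (.+)$")

def diagnose(log_text):
    """Return (configured rightauth rounds, findings) for one conn's log lines."""
    rounds, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, group, msg = m.groups()
        if group == "CFG" and (a := AUTH.match(msg)):
            # Assumption: only one conn is logged, so later lines overwrite earlier.
            rounds[2 if a.group(1) else 1] = a.group(2)
        elif group == "IKE" and (r := REJECT.match(msg)):
            count, method, mode = r.groups()
            second = rounds.get(2, "")
            if (method == "RSA signature" and rounds.get(1) == "pubkey"
                    and second.startswith("xauth")):
                findings.append(
                    f"peer proposed {method} only ({mode}), but the config "
                    f"adds a second round rightauth2={second}; remove "
                    f"rightauth2 for RSA-only authentication")
            else:
                findings.append(
                    f"{count} config(s) matched the identities, but none "
                    f"allows {method} with {mode}; compare rightauth settings")
    return rounds, findings

if __name__ == "__main__":
    configured, problems = diagnose(SAMPLE_LOG)
    print("configured rounds:", configured)
    for p in problems:
        print("finding:", p)
```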