[strongSwan] Authentication FAILED
Hardik Gohil
hardikgohil1988 at gmail.com
Thu Aug 6 04:49:06 CEST 2015
Hello Noel,
Sorry, the date is set to November on this CPU.
The data is the latest.
Regards,
Hardik A Gohil
On Thu, Aug 6, 2015 at 10:42 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
> Hello Hardik,
>
> What's up with the reluctancy to read log files?
> And why do you send logs from November?
>
> > Nov 22 07:50:32 phyCORE-AM335x daemon.info charon: 03[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN
> > conn host-host
> >     leftcert=moonCert.der
> >     right=192.168.82.111
> >     rightid="C=CH, O=strongSwan, CN=sun.strongswan.org"
> >     auto=add
>
> Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> On 06.08.2015 at 04:29, Hardik Gohil wrote:
> > Hello,
> >
> > I am using strongswan-5.3 to connect host-host
> >
> > moon(192.168.82.99)<------------>sun(192.168.82.111)
> >
> > error for this:
> >
> > root@phyCORE-AM335x:~ ipsec up host-host
> > initiating IKE_SA host-host[1] to 192.168.82.111
> > generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
> > sending packet: from 192.168.82.99[500] to 192.168.82.111[500] (684 bytes)
> > received packet: from 192.168.82.111[500] to 192.168.82.99[500] (481 bytes)
> > parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
> > received 1 cert requests for an unknown ca
> > sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
> > authentication of 'C=CH, O=strongSwan, CN=moon.strongswan.org' (myself) with RSA_EMSA_PKCS1_SHA256 successful
> > sending end entity cert "C=CH, O=strongSwan, CN=moon.strongswan.org"
> > establishing CHILD_SA host-host
> > generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
> > sending packet: from 192.168.82.99[500] to 192.168.82.111[500] (1884 bytes)
> > received packet: from 192.168.82.111[500] to 192.168.82.99[500] (76 bytes)
> > parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> > received AUTHENTICATION_FAILED notify error
> > establishing connection 'host-host' failed
> >
> > log messages:
> > Nov 22 07:50:06 phyCORE-AM335x authpriv.info ipsec_starter[1389]: Starting strongSwan 5.3.2 IPsec [starter]...
> > Nov 22 07:50:06 phyCORE-AM335x authpriv.info ipsec_starter[1389]: !! Your strongswan.conf contains manual plugin load options for charon.
> > Nov 22 07:50:06 phyCORE-AM335x authpriv.info ipsec_starter[1389]: !! This is recommended for experts only, see
> > Nov 22 07:50:06 phyCORE-AM335x authpriv.info ipsec_starter[1389]: !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, Linux 3.2.0-PD13.1.2, armv7l)
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[KNL] received netlink error: Operation not supported (95)
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[KNL] unable to create IPv4 routing table rule
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[KNL] received netlink error: Operation not supported (95)
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[KNL] unable to create IPv6 routing table rule
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[CFG] loaded ca certificate "C=CH, O=strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.der'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/moonKey.der'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[LIB] loaded plugins: charon aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 00[JOB] spawning 16 worker threads
> > Nov 22 07:50:06 phyCORE-AM335x authpriv.info ipsec_starter[1402]: charon (1403) started after 100 ms
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 08[CFG] received stroke: add connection 'host-host'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 08[CFG] left nor right host is our side, assuming left=local
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 08[CFG] loaded certificate "C=CH, O=strongSwan, CN=moon.strongswan.org" from 'moonCert.der'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 08[CFG] id '%any' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=moon.strongswan.org'
> > Nov 22 07:50:06 phyCORE-AM335x daemon.info charon: 08[CFG] added configuration 'host-host'
> > Nov 22 07:50:14 phyCORE-AM335x daemon.info charon: 09[CFG] received stroke: initiate 'host-host'
> > Nov 22 07:50:14 phyCORE-AM335x daemon.info charon: 02[IKE] initiating IKE_SA host-host[1] to 192.168.82.111
> > Nov 22 07:50:14 phyCORE-AM335x authpriv.info charon: 02[IKE] initiating IKE_SA host-host[1] to 192.168.82.111
> > Nov 22 07:50:15 phyCORE-AM335x daemon.info charon: 02[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
> > Nov 22 07:50:15 phyCORE-AM335x daemon.info charon: 02[NET] sending packet: from 192.168.82.99[500] to 192.168.82.111[500] (684 bytes)
> > Nov 22 07:50:15 phyCORE-AM335x daemon.info charon: 11[NET] received packet: from 192.168.82.111[500] to 192.168.82.99[500] (481 bytes)
> > Nov 22 07:50:15 phyCORE-AM335x daemon.info charon: 11[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 11[IKE] received 1 cert requests for an unknown ca
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 11[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 11[IKE] authentication of 'C=CH, O=strongSwan, CN=moon.strongswan.org' (myself) with RSA_EMSA_PKCS1_SHA256 successful
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 11[IKE] sending end entity cert "C=CH, O=strongSwan, CN=moon.strongswan.org"
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 11[IKE] establishing CHILD_SA host-host
> > Nov 22 07:50:16 phyCORE-AM335x authpriv.info charon: 11[IKE] establishing CHILD_SA host-host
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 11[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 11[NET] sending packet: from 192.168.82.99[500] to 192.168.82.111[500] (1884 bytes)
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 15[NET] received packet: from 192.168.82.111[500] to 192.168.82.99[500] (76 bytes)
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 15[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> > Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 15[IKE] received AUTHENTICATION_FAILED notify error
> > Nov 22 07:50:32 phyCORE-AM335x daemon.info charon: 03[NET] received packet: from 192.168.82.5[500] to 192.168.82.99[500] (312 bytes)
> > Nov 22 07:50:32 phyCORE-AM335x daemon.info charon: 03[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
> > Nov 22 07:50:32 phyCORE-AM335x daemon.info charon: 03[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN
> > Nov 22 07:50:32 phyCORE-AM335x daemon.info charon: 03[ENC] generating INFORMATIONAL_V1 request 633227307 [ N(NO_PROP) ]
> > Nov 22 07:50:32 phyCORE-AM335x daemon.info charon: 03[NET] sending packet: from 192.168.82.99[500] to 192.168.82.5[500] (40 bytes)
> > Nov 22 07:51:12 phyCORE-AM335x daemon.info charon: 08[NET] received packet: from 192.168.82.5[500] to 192.168.82.99[500] (312 bytes)
> > Nov 22 07:51:12 phyCORE-AM335x daemon.info charon: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
> > Nov 22 07:51:12 phyCORE-AM335x daemon.info charon: 08[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN
> > Nov 22 07:51:12 phyCORE-AM335x daemon.info charon: 08[ENC] generating INFORMATIONAL_V1 request 2444041484 [ N(NO_PROP) ]
> > Nov 22 07:51:12 phyCORE-AM335x daemon.info charon: 08[NET] sending packet: from 192.168.82.99[500] to 192.168.82.5[500] (40 bytes)
> > Nov 22 07:51:52 phyCORE-AM335x daemon.info charon: 09[NET] received packet: from 192.168.82.5[500] to 192.168.82.99[500] (312 bytes)
> > Nov 22 07:51:52 phyCORE-AM335x daemon.info charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
> > Nov 22 07:51:52 phyCORE-AM335x daemon.info charon: 09[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN
> > Nov 22 07:51:52 phyCORE-AM335x daemon.info charon: 09[ENC] generating INFORMATIONAL_V1 request 3535449560 [ N(NO_PROP) ]
> > Nov 22 07:51:52 phyCORE-AM335x daemon.info charon: 09[NET] sending packet: from 192.168.82.99[500] to 192.168.82.5[500] (40 bytes)
> > Nov 22 07:52:32 phyCORE-AM335x daemon.info charon: 03[NET] received packet: from 192.168.82.5[500] to 192.168.82.99[500] (312 bytes)
> > Nov 22 07:52:32 phyCORE-AM335x daemon.info charon: 03[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
> > Nov 22 07:52:32 phyCORE-AM335x daemon.info charon: 03[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN
> > Nov 22 07:52:32 phyCORE-AM335x daemon.info charon: 03[ENC] generating INFORMATIONAL_V1 request 1995267650 [ N(NO_PROP) ]
> > Nov 22 07:52:32 phyCORE-AM335x daemon.info charon: 03[NET] sending packet: from 192.168.82.99[500] to 192.168.82.5[500] (40 bytes)
> >
> >
> > moon config:
> >
> > # /etc/ipsec.conf - strongSwan IPsec configuration file
> >
> > config setup
> >
> > conn %default
> >     ikelifetime=60m
> >     keylife=20m
> >     rekeymargin=3m
> >     keyingtries=1
> >     mobike=no
> >     keyexchange=ikev2
> >
> > conn host-host
> >     leftcert=moonCert.der
> >     right=192.168.82.111
> >     rightid="C=CH, O=strongSwan, CN=sun.strongswan.org"
> >     auto=add
> >
> > root@phyCORE-AM335x:~ cat /etc/ipsec.secrets
> > # /etc/ipsec.secrets - strongSwan IPsec secrets file
> >
> > : RSA moonKey.der
> >
> > Please help me.
> >
> > Regards,
> > Hardik A Gohil
>
>
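
Added example, not part of the original thread or of strongSwan: a small triage pass over charon log lines in the format quoted above. It separates the two events that appear in this log: an `AUTHENTICATION_FAILED` notify sent by the peer, and inbound requests for which charon found no IKE config, checked against the `right=` addresses in ipsec.conf. The names `triage`, `configured_peers`, `SAMPLE_LOG` and `SAMPLE_CONF` are hypothetical, and the sample text is constructed from lines in the thread.

```python
import re

# Constructed sample: charon lines copied from the log quoted in the thread.
SAMPLE_LOG = """\
Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 15[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Nov 22 07:50:16 phyCORE-AM335x daemon.info charon: 15[IKE] received AUTHENTICATION_FAILED notify error
Nov 22 07:50:32 phyCORE-AM335x daemon.info charon: 03[NET] received packet: from 192.168.82.5[500] to 192.168.82.99[500] (312 bytes)
Nov 22 07:50:32 phyCORE-AM335x daemon.info charon: 03[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
Nov 22 07:50:32 phyCORE-AM335x daemon.info charon: 03[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN
"""
# Constructed from the quoted ipsec.conf (only the keys this check reads).
SAMPLE_CONF = """\
conn host-host
    right=192.168.82.111
    auto=add
"""

LINE = re.compile(r"charon: (\d+)\[([A-Z]+)\] (.*)$")
PARSED = re.compile(r"parsed (\S+) request")
NO_CFG = re.compile(r"no IKE config found for (\d+(?:\.\d+){3})\.\.\.(\d+(?:\.\d+){3})")

def configured_peers(conf_text):
    """Return the set of right= addresses declared in an ipsec.conf text."""
    return set(re.findall(r"^\s*right\s*=\s*(\S+)", conf_text, re.M))

def triage(log_text, conf_text):
    """Return (kind, remote_address, exchange_type) findings for a charon log."""
    peers = configured_peers(conf_text)
    last_exchange = {}  # worker thread id -> exchange type of its last parsed request
    findings = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        thread, _group, msg = m.groups()
        p = PARSED.search(msg)
        if p:
            last_exchange[thread] = p.group(1)
        if "received AUTHENTICATION_FAILED notify error" in msg:
            # The peer sent this notify, so the reason is recorded in the peer's log.
            findings.append(("peer_rejected_auth", None, None))
        n = NO_CFG.search(msg)
        if n:
            remote = n.group(2)
            kind = "no_config_known_peer" if remote in peers else "no_config_unknown_peer"
            findings.append((kind, remote, last_exchange.get(thread)))
    return findings
```

On the sample, the `no IKE config found` event is attributed to 192.168.82.5, which is not a configured `right=` address, and to an `ID_PROT` request, the IKEv1 Main Mode exchange.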