[strongSwan] Mac OS 10.10 Client to Linux Strongswan server HASH N(AUTH_FAILED) error

[Jude Oliver]

Sorry I am not following, pretty new to this so please be patient and walk
me through this.
Keeping with left = local and right = remote.
The client (left) attempts to initiative an XAuth/RSA, passing its cert
(DN C=US, O=BSI, CN=judeo at blansys.com) even though my I have
leftauth2=xauth that is nor sufficient? Should I set left=xauth ?
And for rightid=10.0.11.160, I should set this to the DN?
Thanks again for any insight.


________________________________________


Jude Oliver
Support
1100 Poydras St. Suite 1230
New Orleans, LA 70163
Main Office: 504-529-8869
Joliver at blansys.com
www.blanchardsystems.com <http://www.blanchardsystems.com/>

-----------------------------------------------------

Join Blanchard Systems

2016 Tips and Tricks Training Webinars

Check out the Blanchard Systems 2015 FREE monthly Tips & Tricks training
webinars. 
Click Here <http://www.blanchardsystems.com/events/> to view the schedule
and register for one of our upcoming events.









On 4/18/16, 10:23 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:

>Hi Jude,
>
>> Any insights into what I am missing in my setup, my hope is that this is
>> just some simple newbie mistake I am doing.
>
>Try reading the log:
>
>> Apr 18 09:45:42 RH7Standard charon: 12[CFG] looking for XAuthInitRSA
>>peer configs matching 10.0.11.200...10.0.11.160[C=US, O=BSI,
>>CN=judeo at blansys.com]
>
>The client wants to initiate an XAuth/RSA connection (with its
>certificate's subject DN as identity).  However, your config specifies:
>
>>    leftauth=psk
>>    rightauth=psk
>>    rightauth2=xauth
>
>That is, you configured XAuth/PSK.  You also set:
>
>>    rightid=10.0.11.160
>
>Which wouldn't match that subject DN even if the authentication methods
>were the same.
>
>You might want to have a look at [1].
>
>Regards,
>Tobias
>
>[1] https://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29
>