[strongSwan] Mac OS 10.10 Client to Linux Strongswan server HASH N(AUTH_FAILED) error

Jude Oliver judeo at blansys.com
Mon Apr 25 18:35:14 CEST 2016 

Still not behaving, seeing this error:
Apr 25 11:20:44 RH7Standard charon: 09[IKE] received end entity cert
"C=US, O=BSI, CN=judeo at blansys.com"
Apr 25 11:20:44 RH7Standard charon: 09[CFG] looking for XAuthInitRSA peer
configs matching 10.0.11.200...10.0.11.160[C=US, O=BSI,
CN=judeo at blansys.com]
Apr 25 11:20:44 RH7Standard charon: 09[IKE] found 1 matching config, but
none allows XAuthInitRSA authentication using Main Mode
Apr 25 11:20:44 RH7Standard charon: 09[ENC] generating INFORMATIONAL_V1
request 3548306400 [ HASH N(AUTH_FAILED) ]



I have tried a few variations with out success, like
authby=xauthrsasig
	authby=xauthpsk


I presume this is the configuration example I should be looking at to get
this to behave:
https://www.strongswan.org/testing/testresults/ikev1/xauth-id-rsa-hybrid/




________________________________________


Jude Oliver
Support
1100 Poydras St. Suite 1230
New Orleans, LA 70163
Main Office: 504-529-8869
Joliver at blansys.com
www.blanchardsystems.com <http://www.blanchardsystems.com/>

-----------------------------------------------------

Join Blanchard Systems

2016 Tips and Tricks Training Webinars

Check out the Blanchard Systems 2015 FREE monthly Tips & Tricks training
webinars. 
Click Here <http://www.blanchardsystems.com/events/> to view the schedule
and register for one of our upcoming events.









On 4/25/16, 10:52 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:

>Hi Jude,
>
>> I am using a simplified ipsec.conf file:
>> cat ipsec.conf
>> # /etc/ipsec.conf - strongSwan IPsec configuration file
>> 
>> 
>> config setup
>> 
>> 
>> conn %default
>> 	ikelifetime=60m
>> 	keylife=20m
>> 	rekeymargin=3m
>> 	keyingtries=1
>> 	keyexchange=ikev1
>> leftauth=pubkey
>>    	rightauth=pubkey
>> 	rightid="C=US, O=BSI, CN=judeo at blansys.com"
>
>You need at least one conn section other than %default that has
>`auto=add` configured, otherwise, there are no configs:
>
>> Apr 25 09:47:57 RH7Standard charon: 10[IKE] no IKE config found for
>> 10.0.11.200...10.0.11.160, sending NO_PROPOSAL_CHOSEN
>
>And you will probably still need rightauth2=xauth for this client.
>
>Regards,
>Tobias
>

More information about the Users mailing list