[strongSwan] Mac OS 10.10 Client to Linux Strongswan server HASH N(AUTH_FAILED) error

Jude Oliver judeo at blansys.com
Mon Apr 25 18:35:14 CEST 2016

Still not behaving, seeing this error:
Apr 25 11:20:44 RH7Standard charon: 09[IKE] received end entity cert
"C=US, O=BSI, CN=judeo at blansys.com"
Apr 25 11:20:44 RH7Standard charon: 09[CFG] looking for XAuthInitRSA peer
configs matching[C=US, O=BSI,
CN=judeo at blansys.com]
Apr 25 11:20:44 RH7Standard charon: 09[IKE] found 1 matching config, but
none allows XAuthInitRSA authentication using Main Mode
Apr 25 11:20:44 RH7Standard charon: 09[ENC] generating INFORMATIONAL_V1
request 3548306400 [ HASH N(AUTH_FAILED) ]

I have tried a few variations with out success, like

I presume this is the configuration example I should be looking at to get
this to behave:


Jude Oliver
1100 Poydras St. Suite 1230
New Orleans, LA 70163
Main Office: 504-529-8869
Joliver at blansys.com
www.blanchardsystems.com <http://www.blanchardsystems.com/>


Join Blanchard Systems

2016 Tips and Tricks Training Webinars

Check out the Blanchard Systems 2015 FREE monthly Tips & Tricks training
Click Here <http://www.blanchardsystems.com/events/> to view the schedule
and register for one of our upcoming events.

On 4/25/16, 10:52 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:

>Hi Jude,
>> I am using a simplified ipsec.conf file:
>> cat ipsec.conf
>> # /etc/ipsec.conf - strongSwan IPsec configuration file
>> config setup
>> conn %default
>> 	ikelifetime=60m
>> 	keylife=20m
>> 	rekeymargin=3m
>> 	keyingtries=1
>> 	keyexchange=ikev1
>> leftauth=pubkey
>>    	rightauth=pubkey
>> 	rightid="C=US, O=BSI, CN=judeo at blansys.com"
>You need at least one conn section other than %default that has
>`auto=add` configured, otherwise, there are no configs:
>> Apr 25 09:47:57 RH7Standard charon: 10[IKE] no IKE config found for
>And you will probably still need rightauth2=xauth for this client.

More information about the Users mailing list