[strongSwan] strongSwan [ no trusted RSA public key found for '10.13.199.185']

rajeev nohria rajnohria at gmail.com
Fri May 20 16:04:51 CEST 2016


I am testing between two Ubuntus. We are using strongSwan 5.4.0 with
certificates and keys in swanctl/x509, swanctl/x509ca and swanctl/rsa.

I could not figure out how to resolve this. I am creating certificates using
ipsec pki, as in an example on the strongSwan website. Is there anything
obvious I am missing? Any help with this is appreciated.


06[CFG] no issuer certificate found for "C=US, O=ARRIS, CN=peer"
06[IKE] no trusted RSA public key found for '10.13.199.185'




Initiator receives
----------------------
11[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
11[IKE] received AUTHENTICATION_FAILED notify error


Receptor
---------------------
rnohria@ubuntu:/$ sudo /usr/local/libexec/ipsec/charon
[sudo] password for rnohria:
00[DMN] Starting IKE charon daemon (strongSwan 5.4.0, Linux 3.16.0-30-generic, x86_64)
00[LIB] loaded plugins: charon pem pkcs1 x509 revocation constraints pubkey openssl random nonce kernel-netlink socket-default updown vici
00[JOB] spawning 16 worker threads
08[CFG] added vici connection: rw
11[CFG] loaded certificate 'C=US, O=ARRIS, CN=peer'
06[CFG] loaded certificate 'C=US, O=ARRIS, CN=RPD'
15[CFG] loaded RSA private key
09[NET] received packet: from 10.13.199.185[500] to 10.13.199.130[500] (264 bytes)
09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]
09[IKE] 10.13.199.185 is initiating an IKE_SA
09[IKE] sending cert request for "C=US, O=ARRIS, CN=RPD"
09[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
09[NET] sending packet: from 10.13.199.130[500] to 10.13.199.185[500] (289 bytes)
06[NET] received packet: from 10.13.199.185[4500] to 10.13.199.130[4500] (1328 bytes)
06[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
06[IKE] received 1 cert requests for an unknown ca
06[IKE] received end entity cert "C=US, O=ARRIS, CN=peer"
06[CFG] looking for peer configs matching 10.13.199.130[10.13.199.130]...10.13.199.185[10.13.199.185]
06[CFG] selected peer config 'rw'
06[CFG]   using certificate "C=US, O=ARRIS, CN=peer"
06[CFG] no issuer certificate found for "C=US, O=ARRIS, CN=peer"
06[IKE] no trusted RSA public key found for '10.13.199.185'
06[IKE] peer supports MOBIKE
06[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
06[NET] sending packet: from 10.13.199.130[4500] to 10.13.199.185[4500] (80 bytes)