[strongSwan] IKE-Auth Problem

fatcharly at gmx.de fatcharly at gmx.de
Tue Jan 12 12:00:18 CET 2021


Hi,

I'm using strongswan-5.7.2-1.el7.x86_64 on CentOS Linux release 7.9.2009 (Core) as a VPN gateway with some connections already working. I've got some problems with a connection which wants to switch over to certificate authentication.
This is what I get when I start the connection:

[root at tig strongswan]# strongswan up connection_RLP_test
initiating IKE_SA lotto_RLP_test[19] to xxx.xxx.xxx.44
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from xxx.xxx.xxx.20[500] to xxx.xxx.xxx.44[500] (464 bytes)
received packet: from xxx.xxx.xxx.44[500] to xxx.xxx.xxx.20[500] (469 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ N(HTTP_CERT_LOOK) ]
selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
received cert request for "C=de, O=connection RLP, CN=RLP CA 2015"
received 3 cert requests for an unknown ca
sending cert request for "C=de, O=connection RLP, CN=RLP CA 2015"
authentication of 'C=DE, ST=local, L=local, O=bay , OU=bay1, CN=vpn.gateway.de, E=tecs at gateway.de' (myself) with RSA signature successful
sending end entity cert "C=DE, ST=local, L=local, O=bay GmbH, OU=bay1, CN=vpn.gateway.de, E=tecs at gateway.de"
establishing CHILD_SA connection_RLP_test{24}
generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
sending packet: from xxx.xxx.xxx.20[500] to xxx.xxx.xxx.44[500] (1840 bytes)
received packet: from xxx.xxx.xxx.44[500] to xxx.xxx.xxx.20[500] (96 bytes)
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
establishing connection 'connection_RLP_test' failed

What is the problem, and what can I do to solve it?

Any suggestions are welcome

Stay safe and healthy

fatcharly

