[strongSwan] ipsec up host-host

2009-03-09 Thread abhishek kumar
Hello. I am new to using strongSwan. Please help me with setting up the host-host case. I am getting a problem executing the command "ipsec up host-host". RESULT IS: [r...@sun etc]# ipsec start Starting strongSwan 4.2.11 IPsec [starter]... [r...@moon etc]# ipsec restart Starting strongSwan 4.2.11 IPsec [starter

Re: [strongSwan] ipsec up host-host

2009-03-09 Thread Andreas Steffen
Hi, it seems as if you messed up your public key infrastructure: your end entity certificate is 'C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=is...@gmail.com' but no matching private key is found, either because the private key file defined in /etc/ipsec.secrets : RSA myKey.pem "

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread abhishek kumar
Hello. Thanks for your valuable suggestion. I rectified my problem but still I am not able to establish a Security Association. Following are the results of "ipsec listall" at both ends. Result of "ipsec listall" at moon: List of X.509 End Entity Certificates: altNames: 192.168.3.3 subject: "C=

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread Daniel Mentz
Please post the syslog entries and ipsec.conf from host sun. abhishek kumar wrote: > Hello. > Thanks for your valuable suggestion. I rectified my problem but still I am not > able to establish a Security Association. > > Following are the results of "ipsec listall" at both ends. > > Result of "ipsec l

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread abhishek kumar
syslog for moon:
Mar 11 01:30:23 ishan charon: 01[DMN] starting charon (strongSwan Version 4.2.11)
Mar 11 01:30:23 ishan charon: 01[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Mar 11 01:30:23 ishan charon: 01[LIB] missing passphrase
Mar 11 01:30:23 ishan charon: 01[LIB] fa

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread Daniel Mentz
Thanks for this data. First of all, the DN C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com does NOT match C=AU, O=Mincom Pty. Ltd., CN=ishan If you want to use wildcards, then you have to specify them explicitly. Otherwise you have to name all RDNs explicitly.

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread andi
Unfortunately the error is occurring on the other end: received AUTHENTICATION_FAILED notify error, so that I don't know what's going wrong there. Andreas On Wed, 11 Mar 2009 18:40:00 +0530, abhishek kumar wrote: > Hello. > Thanks for your valuable suggestion. I rectified my problem but still I a

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread andi
Hi, Daniel is right! rightid must match the identity in the received certificate. Since the IP addresses are contained as SubjectAltNames in the certificates, you could also set rightid and leftid to the appropriate IP addresses on both moon and sun. Regards Andreas On Wed, 11 Mar 2009 20:24:30

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread abhishek kumar
Hello. I did the same thing you told me, but in that case it is showing the same "received AUTHENTICATION_FAILED notify error". Please take a look at moon (ishan) "ipsec.conf":
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
        crlcheckinterval=600
        strictcrl

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread Daniel Mentz
abhishek kumar wrote: > I did the same thing you told me, but in that case it is showing the same > "received AUTHENTICATION_FAILED notify error". Please post the logfiles and config files of both peers like you did before. I need to know *why* the authentication failed. You'll find that information

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread abhishek kumar
Hello. Please help in establishing the SA. Here is the syslog of both moon (ishan) and sun (abhishek) with their respective ipsec.conf and syslog. ishan (moon): ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
config setup
        crlcheckinterval=600
        strictcrlpolicy=no
        plutostart=no
conn %default
        ike

Re: [strongSwan] ipsec up host-host

2009-03-11 Thread andi
Your identities must be consistent on both sides. Either you keep to subject distinguished names (DNs):
ishan:
conn host-host
        left=192.168.3.3
        leftcert=ishanCert.pem
        leftid="C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
        right=192.168.3.4
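The matching rule Daniel and Andreas describe above (every RDN of the certificate subject must be named in rightid, with wildcards only where written explicitly) can be checked before loading a config. The following is an added checker, not strongSwan code; the DNs are sample values modelled on the thread, the e-mail address is a constructed placeholder, and the in-order RDN comparison and the `*` wildcard handling are assumptions about how strongSwan matches ids.

```python
from typing import List, Tuple

# Constructed sample values modelled on the thread: the certificate's subject DN
# and the shortened rightid that the peer had configured (e-mail is a placeholder).
CERT_SUBJECT = "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, E=ishan@example.invalid"
CONFIGURED_RIGHTID = "C=AU, O=Mincom Pty. Ltd., CN=ishan"


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a comma separated DN into (attribute, value) pairs.

    Assumption: attribute values contain no unescaped commas, which holds for
    the DNs in this thread. Attribute names are compared case-insensitively,
    so 'e=' and 'E=' are treated as the same e-mail attribute.
    """
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def dn_matches(configured_id: str, cert_subject: str) -> bool:
    """True if configured_id matches cert_subject RDN by RDN.

    Both DNs must have the same RDNs in the same order; a configured value of
    '*' is an explicit wildcard (assumption: this mirrors strongSwan's leftid/
    rightid matching). A shortened DN that omits RDNs never matches.
    """
    want = parse_dn(configured_id)
    have = parse_dn(cert_subject)
    if len(want) != len(have):
        return False
    for (want_attr, want_val), (have_attr, have_val) in zip(want, have):
        if want_attr != have_attr:
            return False
        if want_val != "*" and want_val != have_val:
            return False
    return True


def missing_rdns(configured_id: str, cert_subject: str) -> List[str]:
    """List the certificate RDNs that the configured id does not name at all,
    which is the usual cause of 'received AUTHENTICATION_FAILED notify error'."""
    named = {attr for attr, _ in parse_dn(configured_id)}
    return [f"{attr}={val}" for attr, val in parse_dn(cert_subject) if attr not in named]
```

Running `missing_rdns(CONFIGURED_RIGHTID, CERT_SUBJECT)` on the sample values reports the ST, OU and E attributes that the shortened rightid drops.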