From a new installation it appears the --output arg on newhostkey should be mandatory. The connection gets established properly once this was put into place.

Sent from my iPhone

> On Feb 19, 2018, at 8:10 PM, Paul Wouters <p...@nohats.ca> wrote:
>
>> On Sun, 18 Feb 2018, klwilson...@comcast.net wrote:
>>
>> Paul, I ran the attached reset script to reconfigure the environment.
>> Hopefully there is absolutely no ambiguity in what I am attempting to do or
>> use in my configuration. I also attached the host_to_host.conf file that
>> results from the script showing the final state.
>
> I checked it and it looks fine. It should work. Are you at least on 3.21
> to ensure it works without any ipsec.secrets entries?
>
>> Your email regarding the left/right rsasigkey was a bit confusing. I believe
>> these are right the way I have them.
>
> Yes, it is.
>
>> However, I am still running into the same problems. I have attached the conf
>> file as well.
>>
>> 003 "host-to-host" #5: unable to locate my private key for RSA Signatures
>> 224 "host-to-host" #5: STATE_MAIN_I2: AUTHENTICATION_FAILED
>> 002 "host-to-host" #5: sending notification AUTHENTICATION_FAILED to
>> 192.168.89.6:500
>
> The only thing I can think of at this point is that your libreswan
> version requires the ipsec.secrets entry. Change the newhostkey
> command to: ipsec newhostkey --output /etc/ipsec.secrets
> (it will overwrite the existing file)
>
> If that doesn't solve it, maybe disable whatever security mechanisms
> might be in play? FIPS? Selinux? AppArmor?
>
> Paul
> _______________________________________________
> Swan mailing list
> Swan@lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan