hello ....
i tried to setup IKEv2 host-host but i stuck with the "received
AUTHENTICATION_FAILED notify error" error. plz help me to find the mistake.
the overall description like syslog, ipsec.conf and the console output is is
given in http://docs.google.com/Doc?id=dcnv8x8t_10g6zczndr&hl=en from
moon[ishan] and sun[abhishek]. plz have look at it.
or u can find in attachment.
*****ishan [ moon ]******
Mar 12 04:35:35 ishan charon: 01[DMN] starting charon (strongSwan Version
4.2.11)
Mar 12 04:35:35 ishan charon: 01[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'
Mar 12 04:35:35 ishan charon: 01[LIB] missing passphrase
Mar 12 04:35:35 ishan charon: 01[LIB] failed to create a builder for credential
type CRED_CERTIFICATE, subtype (1)
Mar 12 04:35:35 ishan charon: 01[LIB] loaded certificate file
'/usr/local/etc/ipsec.d/cacerts/strongswanCert.pem'
Mar 12 04:35:35 ishan charon: 01[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'
Mar 12 04:35:35 ishan charon: 01[CFG] loading ocsp signer certificates from
'/usr/local/etc/ipsec.d/ocspcerts'
Mar 12 04:35:35 ishan charon: 01[CFG] loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'
Mar 12 04:35:35 ishan charon: 01[CFG] loading crls from
'/usr/local/etc/ipsec.d/crls'
Mar 12 04:35:35 ishan charon: 01[CFG] loading secrets from
'/usr/local/etc/ipsec.secrets'
Mar 12 04:35:35 ishan charon: 01[CFG] loaded private key file
'/usr/local/etc/ipsec.d/private/ishanKey.pem'
Mar 12 04:35:35 ishan charon: 01[DMN] loaded plugins: aes des sha1 sha2 md5
fips-prf random x509 pubkey xcbc hmac gmp kernel-netlink stroke updown
Mar 12 04:35:35 ishan charon: 01[KNL] listening on interfaces:
Mar 12 04:35:35 ishan charon: 01[KNL] eth0
Mar 12 04:35:35 ishan charon: 01[KNL] 192.168.3.3
Mar 12 04:35:35 ishan charon: 01[KNL] fe80::221:9bff:fed7:2de8
Mar 12 04:35:35 ishan charon: 01[KNL] wmaster0
Mar 12 04:35:35 ishan charon: 01[KNL] wlan0
Mar 12 04:35:35 ishan charon: 01[KNL] virbr0
Mar 12 04:35:35 ishan charon: 01[KNL] 192.168.122.1
Mar 12 04:35:35 ishan charon: 01[KNL] fe80::8015:94ff:fecd:d6af
Mar 12 04:35:35 ishan charon: 01[JOB] spawning 16 worker threads
Mar 12 04:35:35 ishan charon: 03[CFG] received stroke: add connection
'host-host'
Mar 12 04:35:35 ishan charon: 03[LIB] loaded certificate file
'/usr/local/etc/ipsec.d/certs/ishanCert.pem'
Mar 12 04:35:35 ishan charon: 03[CFG] added configuration 'host-host':
192.168.3.3[192.168.3.3]...192.168.3.4[192.168.3.4]
Mar 12 04:35:52 ishan charon: 10[CFG] received stroke: initiate 'host-host'
Mar 12 04:35:52 ishan charon: 12[IKE] initiating IKE_SA host-host[1] to
192.168.3.4
Mar 12 04:35:52 ishan charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE
No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 12 04:35:52 ishan charon: 12[NET] sending packet: from 192.168.3.3[500] to
192.168.3.4[500]
Mar 12 04:35:52 ishan charon: 13[NET] received packet: from 192.168.3.4[500] to
192.168.3.3[500]
Mar 12 04:35:52 ishan charon: 13[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
Mar 12 04:35:52 ishan charon: 13[IKE] received cert request for "C=AU, ST=QLD,
L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
Mar 12 04:35:52 ishan charon: 13[IKE] sending cert request for "C=AU, ST=QLD,
L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
Mar 12 04:35:52 ishan charon: 13[IKE] authentication of '192.168.3.3' (myself)
with RSA signature successful
Mar 12 04:35:52 ishan charon: 13[IKE] sending end entity cert "C=AU, ST=QLD,
O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
Mar 12 04:35:52 ishan charon: 13[IKE] establishing CHILD_SA host-host
Mar 12 04:35:52 ishan charon: 13[ENC] generating IKE_AUTH request 1 [ IDi CERT
CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) ]
Mar 12 04:35:52 ishan charon: 13[NET] sending packet: from 192.168.3.3[4500] to
192.168.3.4[4500]
Mar 12 04:35:52 ishan charon: 14[NET] received packet: from 192.168.3.4[4500]
to 192.168.3.3[4500]
Mar 12 04:35:52 ishan charon: 14[ENC] parsed IKE_AUTH response 1 [
N(AUTH_FAILED) ]
Mar 12 04:35:52 ishan charon: 14[IKE] received AUTHENTICATION_FAILED notify
error
Mar 12 04:35:52 ishan charon: 14[KNL] received netlink error: Invalid argument
(22)
Mar 12 04:35:52 ishan charon: 14[KNL] unable to delete SAD entry with SPI
ce595853
Mar 12 04:36:22 ishan charon: 04[KNL] creating delete job for ESP CHILD_SA with
SPI ce595853 and reqid {1}
Mar 12 04:36:22 ishan charon: 15[JOB] CHILD_SA with reqid 1 not found for delete
------------------------------------------
ishan (moon): ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
config setup
crlcheckinterval=600
strictcrlpolicy=no
plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
conn host-host
left=192.168.3.3
leftcert=ishanCert.pem
right=192.168.3.4
auto=add
-----------------------------------------------------------------------
ishan(moon):
follwing command we excecuted after ipsec start
[r...@ishan ishan]# ipsec up host-host
initiating IKE_SA host-host[3] to 192.168.3.4
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.3.3[500] to 192.168.3.4[500]
received packet: from 192.168.3.4[500] to 192.168.3.3[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
received cert request for "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd.,
OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
sending cert request for "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce,
CN=ishan, e=ishansharm...@gmail.com"
authentication of '192.168.3.3' (myself) with RSA signature successful
sending end entity cert "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
establishing CHILD_SA host-host
generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr
N(MOBIKE_SUP) N(ADD_4_ADDR) ]
sending packet: from 192.168.3.3[4500] to 192.168.3.4[4500]
received packet: from 192.168.3.4[4500] to 192.168.3.3[4500]
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
[r...@ishan ishan]# ipsec statusall
Performance:
uptime: 33 minutes, since Mar 12 04:35:35 2009
worker threads: 9 idle of 16, job queue load: 0, scheduled events: 0
loaded plugins: aes des sha1 sha2 md5 fips-prf random x509 pubkey xcbc hmac
gmp kernel-netlink stroke updown
Listening IP addresses:
192.168.3.3
192.168.122.1
Connections:
host-host: 192.168.3.3[192.168.3.3]...192.168.3.4[192.168.3.4]
host-host: CAs: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce,
CN=ishan, e=ishansharm...@gmail.com"...%any
host-host: public key authentication
host-host: dynamic/32 === dynamic/32
Security Associations:
none
[r...@ishan ishan]# ipsec listall
List of X.509 End Entity Certificates:
altNames: 192.168.3.3
subject: "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
serial: 10:00:06
validity: not before Mar 10 22:04:25 2009, ok
not after Mar 10 22:04:25 2011, ok
pubkey: RSA 1024 bits, has private key
keyid: 7e:35:20:c0:96:1e:c7:53:77:c2:44:3a:98:0a:84:96:7b:ad:9b:ee
subjkey: c4:84:38:1c:2b:22:c4:39:6a:c7:6e:5d:9a:5e:06:3c:98:a3:25:37
authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48
List of X.509 CA Certificates:
subject: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
serial: 00:d5:8c:82:99:da:6c:4e:99
validity: not before Mar 10 20:39:13 2009, ok
not after Mar 09 20:39:13 2013, ok
pubkey: RSA 2048 bits
keyid: 6d:19:04:8c:44:f3:07:70:73:2d:04:d1:e9:b4:fa:93:0e:d0:8d:a6
subjkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48
authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48
List of registered IKEv2 Algorithms:
encryption: AES_CBC 3DES DES
integrity: AES_XCBC_96 HMAC_SHA1_96 AUTH_HMAC_SHA1_128
AUTH_HMAC_SHA2_256_128 HMAC_MD5_96 AUTH_HMAC_SHA2_384_192
AUTH_HMAC_SHA2_512_256
hasher: HASH_SHA1 HASH_SHA256 HASH_SHA384 HASH_SHA512 HASH_MD5
prf: PRF_KEYED_SHA1 PRF_FIPS_SHA1_160 PRF_AES128_CBC PRF_HMAC_SHA2_256
PRF_HMAC_SHA1 PRF_HMAC_MD5 PRF_HMAC_SHA2_384 PRF_HMAC_SHA2_512
dh-group: MODP_2048_BIT MODP_1536_BIT MODP_3072_BIT MODP_4096_BIT
MODP_6144_BIT MODP_8192_BIT MODP_1024_BIT MODP_768_BIT
=======================================================================================================================================
=======================================================================================================================================
*****abhishek [sun]*******
Mar 12 23:01:02 abhishek charon: 01[DMN] starting charon (strongSwan Version
4.2.11)
Mar 12 23:01:02 abhishek charon: 01[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'
Mar 12 23:01:02 abhishek charon: 01[LIB] missing passphrase
Mar 12 23:01:02 abhishek charon: 01[LIB] failed to create a builder for
credential type CRED_CERTIFICATE, subtype (1)
Mar 12 23:01:02 abhishek charon: 01[LIB] loaded certificate file
'/usr/local/etc/ipsec.d/cacerts/strongswanCert.pem'
Mar 12 23:01:02 abhishek charon: 01[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'
Mar 12 23:01:02 abhishek charon: 01[CFG] loading ocsp signer certificates from
'/usr/local/etc/ipsec.d/ocspcerts'
Mar 12 23:01:02 abhishek charon: 01[CFG] loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'
Mar 12 23:01:02 abhishek charon: 01[CFG] loading crls from
'/usr/local/etc/ipsec.d/crls'
Mar 12 23:01:02 abhishek charon: 01[CFG] loading secrets from
'/usr/local/etc/ipsec.secrets'
Mar 12 23:01:02 abhishek charon: 01[CFG] loaded private key file
'/usr/local/etc/ipsec.d/private/abhishekKey.pem'
Mar 12 23:01:02 abhishek charon: 01[DMN] loaded plugins: aes des sha1 sha2 md5
gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
Mar 12 23:01:02 abhishek charon: 01[KNL] listening on interfaces:
Mar 12 23:01:02 abhishek charon: 01[KNL] eth0
Mar 12 23:01:02 abhishek charon: 01[KNL] 192.168.3.4
Mar 12 23:01:02 abhishek charon: 01[KNL] fe80::213:d3ff:febe:69d1
Mar 12 23:01:02 abhishek charon: 01[JOB] spawning 16 worker threads
Mar 12 23:01:02 abhishek charon: 03[CFG] received stroke: add connection
'host-host'
Mar 12 23:01:02 abhishek charon: 03[LIB] loaded certificate file
'/usr/local/etc/ipsec.d/certs/abhishekCert.pem'
Mar 12 23:01:02 abhishek charon: 03[CFG] peerid 192.168.3.3 not confirmed by
certificate, defaulting to subject DN
Mar 12 23:01:02 abhishek charon: 03[CFG] added configuration 'host-host':
192.168.3.4[192.168.3.4]...192.168.3.3[C=AU, ST=QLD, O=Mincom Pty. Ltd.,
OU=rvce, CN=abhishek, e=abhis...@gmail.com]
Mar 12 23:01:09 abhishek charon: 10[NET] received packet: from 192.168.3.3[500]
to 192.168.3.4[500]
Mar 12 23:01:09 abhishek charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE
No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 12 23:01:09 abhishek charon: 10[IKE] 192.168.3.3 is initiating an IKE_SA
Mar 12 23:01:09 abhishek charon: 10[IKE] sending cert request for "C=AU,
ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
Mar 12 23:01:09 abhishek charon: 10[ENC] generating IKE_SA_INIT response 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
Mar 12 23:01:09 abhishek charon: 10[NET] sending packet: from 192.168.3.4[500]
to 192.168.3.3[500]
Mar 12 23:01:09 abhishek charon: 11[NET] received packet: from
192.168.3.3[4500] to 192.168.3.4[4500]
Mar 12 23:01:09 abhishek charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi CERT
CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) ]
Mar 12 23:01:09 abhishek charon: 11[IKE] received cert request for "C=AU,
ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
Mar 12 23:01:09 abhishek charon: 11[IKE] received end entity cert "C=AU,
ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
Mar 12 23:01:09 abhishek charon: 11[CFG] using certificate "C=AU, ST=QLD,
O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
Mar 12 23:01:09 abhishek charon: 11[CFG] using trusted ca certificate "C=AU,
ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
Mar 12 23:01:09 abhishek charon: 11[CFG] checking certificate status of "C=AU,
ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
Mar 12 23:01:09 abhishek charon: 11[CFG] certificate status is not available
Mar 12 23:01:09 abhishek charon: 11[IKE] authentication of '192.168.3.3' with
RSA signature successful
Mar 12 23:01:09 abhishek charon: 11[IKE] peer supports MOBIKE
Mar 12 23:01:09 abhishek charon: 11[IKE] no matching config found for
'192.168.3.4'...'192.168.3.3'
Mar 12 23:01:09 abhishek charon: 11[ENC] generating IKE_AUTH response 1 [
N(AUTH_FAILED) ]
Mar 12 23:01:09 abhishek charon: 11[NET] sending packet: from 192.168.3.4[4500]
to 192.168.3.3[4500]
Mar 12 23:01:39 abhishek charon: 03[CFG] received stroke: initiate 'host-host'
Mar 12 23:01:39 abhishek charon: 15[IKE] initiating IKE_SA host-host[2] to
192.168.3.3
Mar 12 23:01:39 abhishek charon: 15[ENC] generating IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 12 23:01:39 abhishek charon: 15[NET] sending packet: from 192.168.3.4[500]
to 192.168.3.3[500]
Mar 12 23:01:43 abhishek charon: 16[IKE] retransmit 1 of request with message
ID 0
Mar 12 23:01:43 abhishek charon: 16[NET] sending packet: from 192.168.3.4[500]
to 192.168.3.3[500]
Mar 12 23:01:51 abhishek charon: 17[IKE] retransmit 2 of request with message
ID 0
Mar 12 23:01:51 abhishek charon: 17[NET] sending packet: from 192.168.3.4[500]
to 192.168.3.3[500]
Mar 12 23:02:04 abhishek charon: 08[IKE] retransmit 3 of request with message
ID 0
Mar 12 23:02:04 abhishek charon: 08[NET] sending packet: from 192.168.3.4[500]
to 192.168.3.3[500]
Mar 12 23:02:27 abhishek charon: 09[IKE] retransmit 4 of request with message
ID 0
Mar 12 23:02:27 abhishek charon: 09[NET] sending packet: from 192.168.3.4[500]
to 192.168.3.3[500]
Mar 12 23:03:09 abhishek charon: 12[IKE] retransmit 5 of request with message
ID 0
Mar 12 23:03:09 abhishek charon: 12[NET] sending packet: from 192.168.3.4[500]
to 192.168.3.3[500]
Mar 12 23:04:24 abhishek charon: 14[IKE] giving up after 5 retransmits
Mar 12 23:04:24 abhishek charon: 14[IKE] establishing IKE_SA failed, peer not
responding
-------------------------------------------
abhishek sun: ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
config setup
crlcheckinterval=600
strictcrlpolicy=no
plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
conn host-host
left=192.168.3.3
right=192.168.3.4
rightcert=abhishekCert.pem
auto=add
--------------------------------------------------------------------------
following command we executed on abhishek [sun ] after ipsec start
[r...@abhishek etc]# ipsec start
Starting strongSwan 4.2.11 IPsec [starter] hi this this first test ...
no default route - cannot cope with %defaultroute!!!
insmod /lib/modules/2.6.18.8.tex5/kernel/net/key/af_key.ko.gz
insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/ah4.ko.gz
insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/esp4.ko.gz
insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/ipcomp.ko.gz
insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/tunnel4.ko.gz
insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/xfrm4_tunnel.ko.gz
insmod /lib/modules/2.6.18.8.tex5/kernel/net/xfrm/xfrm_user.ko.gz
[r...@abhishek etc]# ipsec up host-host
initiating IKE_SA host-host[2] to 192.168.3.3
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.3.4[500] to 192.168.3.3[500]
retransmit 1 of request with message ID 0
sending packet: from 192.168.3.4[500] to 192.168.3.3[500]
retransmit 2 of request with message ID 0
sending packet: from 192.168.3.4[500] to 192.168.3.3[500]
retransmit 3 of request with message ID 0
sending packet: from 192.168.3.4[500] to 192.168.3.3[500]
retransmit 4 of request with message ID 0
sending packet: from 192.168.3.4[500] to 192.168.3.3[500]
[r...@abhishek etc]# ipsec statusall
Performance:
uptime: 105 seconds, since Mar 12 23:01:02 2009
worker threads: 9 idle of 16, job queue load: 1, scheduled events: 1
loaded plugins: aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
kernel-netlink updown
Listening IP addresses:
192.168.3.4
Connections:
host-host: 192.168.3.4[192.168.3.4]...192.168.3.3[C=AU, ST=QLD, O=Mincom
Pty. Ltd., OU=rvce, CN=abhishek, e=abhis...@gmail.com]
host-host: CAs: %any..."C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd.,
OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
host-host: public key authentication
host-host: dynamic/32 === dynamic/32
Security Associations:
host-host[2]: CONNECTING, 192.168.3.4[192.168.3.4]...192.168.3.3[C=AU,
ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=abhishek, e=abhis...@gmail.com]
host-host[2]: IKE SPIs: b5b814882403c26d_i* 0000000000000000_r
[r...@abhishek etc]# ipsec listall
List of X.509 End Entity Certificates:
altNames: 192.168.3.3
subject: "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
serial: 10:00:06
validity: not before Mar 10 22:04:25 2009, ok
not after Mar 10 22:04:25 2011, ok
pubkey: RSA 1024 bits
keyid: 7e:35:20:c0:96:1e:c7:53:77:c2:44:3a:98:0a:84:96:7b:ad:9b:ee
subjkey: c4:84:38:1c:2b:22:c4:39:6a:c7:6e:5d:9a:5e:06:3c:98:a3:25:37
authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48
altNames: 192.168.3.4
subject: "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=abhishek,
e=abhis...@gmail.com"
issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
serial: 10:00:07
validity: not before Mar 11 17:24:59 2009, ok
not after Mar 11 17:24:59 2011, ok
pubkey: RSA 1024 bits, has private key
keyid: a1:ae:79:92:34:f8:71:ec:19:fa:94:a6:9d:3b:72:f6:a5:70:8a:7a
subjkey: ea:b7:c7:50:e6:8d:5e:8e:d7:40:20:87:22:49:8f:d9:3e:36:99:cb
authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48
List of X.509 CA Certificates:
subject: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan,
e=ishansharm...@gmail.com"
serial: 00:d5:8c:82:99:da:6c:4e:99
validity: not before Mar 10 20:39:13 2009, ok
not after Mar 09 20:39:13 2013, ok
pubkey: RSA 2048 bits
keyid: 6d:19:04:8c:44:f3:07:70:73:2d:04:d1:e9:b4:fa:93:0e:d0:8d:a6
subjkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48
authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48
List of registered IKEv2 Algorithms:
encryption: AES_CBC 3DES DES
integrity: HMAC_SHA1_96 AUTH_HMAC_SHA1_128 AUTH_HMAC_SHA2_256_128
HMAC_MD5_96 AUTH_HMAC_SHA2_384_192 AUTH_HMAC_SHA2_512_256 AES_XCBC_96
hasher: HASH_SHA1 HASH_SHA256 HASH_SHA384 HASH_SHA512 HASH_MD5
prf: PRF_KEYED_SHA1 PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5
PRF_HMAC_SHA2_384 PRF_HMAC_SHA2_512 PRF_AES128_CBC
dh-group: MODP_2048_BIT MODP_1536_BIT MODP_3072_BIT MODP_4096_BIT
MODP_6144_BIT MODP_8192_BIT MODP_1024_BIT MODP_768_BIT
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
