hello .... i tried to setup IKEv2 host-host but i stuck with the "received AUTHENTICATION_FAILED notify error" error. plz help me to find the mistake.
the overall description like syslog, ipsec.conf and the console output is is given in http://docs.google.com/Doc?id=dcnv8x8t_10g6zczndr&hl=en from moon[ishan] and sun[abhishek]. plz have look at it. or u can find in attachment.
*****ishan [ moon ]****** Mar 12 04:35:35 ishan charon: 01[DMN] starting charon (strongSwan Version 4.2.11) Mar 12 04:35:35 ishan charon: 01[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' Mar 12 04:35:35 ishan charon: 01[LIB] missing passphrase Mar 12 04:35:35 ishan charon: 01[LIB] failed to create a builder for credential type CRED_CERTIFICATE, subtype (1) Mar 12 04:35:35 ishan charon: 01[LIB] loaded certificate file '/usr/local/etc/ipsec.d/cacerts/strongswanCert.pem' Mar 12 04:35:35 ishan charon: 01[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' Mar 12 04:35:35 ishan charon: 01[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' Mar 12 04:35:35 ishan charon: 01[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' Mar 12 04:35:35 ishan charon: 01[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' Mar 12 04:35:35 ishan charon: 01[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' Mar 12 04:35:35 ishan charon: 01[CFG] loaded private key file '/usr/local/etc/ipsec.d/private/ishanKey.pem' Mar 12 04:35:35 ishan charon: 01[DMN] loaded plugins: aes des sha1 sha2 md5 fips-prf random x509 pubkey xcbc hmac gmp kernel-netlink stroke updown Mar 12 04:35:35 ishan charon: 01[KNL] listening on interfaces: Mar 12 04:35:35 ishan charon: 01[KNL] eth0 Mar 12 04:35:35 ishan charon: 01[KNL] 192.168.3.3 Mar 12 04:35:35 ishan charon: 01[KNL] fe80::221:9bff:fed7:2de8 Mar 12 04:35:35 ishan charon: 01[KNL] wmaster0 Mar 12 04:35:35 ishan charon: 01[KNL] wlan0 Mar 12 04:35:35 ishan charon: 01[KNL] virbr0 Mar 12 04:35:35 ishan charon: 01[KNL] 192.168.122.1 Mar 12 04:35:35 ishan charon: 01[KNL] fe80::8015:94ff:fecd:d6af Mar 12 04:35:35 ishan charon: 01[JOB] spawning 16 worker threads Mar 12 04:35:35 ishan charon: 03[CFG] received stroke: add connection 'host-host' Mar 12 04:35:35 ishan charon: 03[LIB] loaded certificate file '/usr/local/etc/ipsec.d/certs/ishanCert.pem' Mar 12 04:35:35 ishan charon: 03[CFG] added configuration 'host-host': 192.168.3.3[192.168.3.3]...192.168.3.4[192.168.3.4] Mar 12 04:35:52 ishan charon: 10[CFG] received stroke: initiate 'host-host' Mar 12 04:35:52 ishan charon: 12[IKE] initiating IKE_SA host-host[1] to 192.168.3.4 Mar 12 04:35:52 ishan charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] Mar 12 04:35:52 ishan charon: 12[NET] sending packet: from 192.168.3.3[500] to 192.168.3.4[500] Mar 12 04:35:52 ishan charon: 13[NET] received packet: from 192.168.3.4[500] to 192.168.3.3[500] Mar 12 04:35:52 ishan charon: 13[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ] Mar 12 04:35:52 ishan charon: 13[IKE] received cert request for "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" Mar 12 04:35:52 ishan charon: 13[IKE] sending cert request for "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" Mar 12 04:35:52 ishan charon: 13[IKE] authentication of '192.168.3.3' (myself) with RSA signature successful Mar 12 04:35:52 ishan charon: 13[IKE] sending end entity cert "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" Mar 12 04:35:52 ishan charon: 13[IKE] establishing CHILD_SA host-host Mar 12 04:35:52 ishan charon: 13[ENC] generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) ] Mar 12 04:35:52 ishan charon: 13[NET] sending packet: from 192.168.3.3[4500] to 192.168.3.4[4500] Mar 12 04:35:52 ishan charon: 14[NET] received packet: from 192.168.3.4[4500] to 192.168.3.3[4500] Mar 12 04:35:52 ishan charon: 14[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] Mar 12 04:35:52 ishan charon: 14[IKE] received AUTHENTICATION_FAILED notify error Mar 12 04:35:52 ishan charon: 14[KNL] received netlink error: Invalid argument (22) Mar 12 04:35:52 ishan charon: 14[KNL] unable to delete SAD entry with SPI ce595853 Mar 12 04:36:22 ishan charon: 04[KNL] creating delete job for ESP CHILD_SA with SPI ce595853 and reqid {1} Mar 12 04:36:22 ishan charon: 15[JOB] CHILD_SA with reqid 1 not found for delete ------------------------------------------ ishan (moon): ipsec.conf # ipsec.conf - strongSwan IPsec configuration file config setup crlcheckinterval=600 strictcrlpolicy=no plutostart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 keyexchange=ikev2 conn host-host left=192.168.3.3 leftcert=ishanCert.pem right=192.168.3.4 auto=add ----------------------------------------------------------------------- ishan(moon): follwing command we excecuted after ipsec start [r...@ishan ishan]# ipsec up host-host initiating IKE_SA host-host[3] to 192.168.3.4 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] sending packet: from 192.168.3.3[500] to 192.168.3.4[500] received packet: from 192.168.3.4[500] to 192.168.3.3[500] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ] received cert request for "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" sending cert request for "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" authentication of '192.168.3.3' (myself) with RSA signature successful sending end entity cert "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" establishing CHILD_SA host-host generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) ] sending packet: from 192.168.3.3[4500] to 192.168.3.4[4500] received packet: from 192.168.3.4[4500] to 192.168.3.3[4500] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] received AUTHENTICATION_FAILED notify error [r...@ishan ishan]# ipsec statusall Performance: uptime: 33 minutes, since Mar 12 04:35:35 2009 worker threads: 9 idle of 16, job queue load: 0, scheduled events: 0 loaded plugins: aes des sha1 sha2 md5 fips-prf random x509 pubkey xcbc hmac gmp kernel-netlink stroke updown Listening IP addresses: 192.168.3.3 192.168.122.1 Connections: host-host: 192.168.3.3[192.168.3.3]...192.168.3.4[192.168.3.4] host-host: CAs: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"...%any host-host: public key authentication host-host: dynamic/32 === dynamic/32 Security Associations: none [r...@ishan ishan]# ipsec listall List of X.509 End Entity Certificates: altNames: 192.168.3.3 subject: "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" serial: 10:00:06 validity: not before Mar 10 22:04:25 2009, ok not after Mar 10 22:04:25 2011, ok pubkey: RSA 1024 bits, has private key keyid: 7e:35:20:c0:96:1e:c7:53:77:c2:44:3a:98:0a:84:96:7b:ad:9b:ee subjkey: c4:84:38:1c:2b:22:c4:39:6a:c7:6e:5d:9a:5e:06:3c:98:a3:25:37 authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48 List of X.509 CA Certificates: subject: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" serial: 00:d5:8c:82:99:da:6c:4e:99 validity: not before Mar 10 20:39:13 2009, ok not after Mar 09 20:39:13 2013, ok pubkey: RSA 2048 bits keyid: 6d:19:04:8c:44:f3:07:70:73:2d:04:d1:e9:b4:fa:93:0e:d0:8d:a6 subjkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48 authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48 List of registered IKEv2 Algorithms: encryption: AES_CBC 3DES DES integrity: AES_XCBC_96 HMAC_SHA1_96 AUTH_HMAC_SHA1_128 AUTH_HMAC_SHA2_256_128 HMAC_MD5_96 AUTH_HMAC_SHA2_384_192 AUTH_HMAC_SHA2_512_256 hasher: HASH_SHA1 HASH_SHA256 HASH_SHA384 HASH_SHA512 HASH_MD5 prf: PRF_KEYED_SHA1 PRF_FIPS_SHA1_160 PRF_AES128_CBC PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5 PRF_HMAC_SHA2_384 PRF_HMAC_SHA2_512 dh-group: MODP_2048_BIT MODP_1536_BIT MODP_3072_BIT MODP_4096_BIT MODP_6144_BIT MODP_8192_BIT MODP_1024_BIT MODP_768_BIT ======================================================================================================================================= ======================================================================================================================================= *****abhishek [sun]******* Mar 12 23:01:02 abhishek charon: 01[DMN] starting charon (strongSwan Version 4.2.11) Mar 12 23:01:02 abhishek charon: 01[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' Mar 12 23:01:02 abhishek charon: 01[LIB] missing passphrase Mar 12 23:01:02 abhishek charon: 01[LIB] failed to create a builder for credential type CRED_CERTIFICATE, subtype (1) Mar 12 23:01:02 abhishek charon: 01[LIB] loaded certificate file '/usr/local/etc/ipsec.d/cacerts/strongswanCert.pem' Mar 12 23:01:02 abhishek charon: 01[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' Mar 12 23:01:02 abhishek charon: 01[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' Mar 12 23:01:02 abhishek charon: 01[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' Mar 12 23:01:02 abhishek charon: 01[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' Mar 12 23:01:02 abhishek charon: 01[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' Mar 12 23:01:02 abhishek charon: 01[CFG] loaded private key file '/usr/local/etc/ipsec.d/private/abhishekKey.pem' Mar 12 23:01:02 abhishek charon: 01[DMN] loaded plugins: aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown Mar 12 23:01:02 abhishek charon: 01[KNL] listening on interfaces: Mar 12 23:01:02 abhishek charon: 01[KNL] eth0 Mar 12 23:01:02 abhishek charon: 01[KNL] 192.168.3.4 Mar 12 23:01:02 abhishek charon: 01[KNL] fe80::213:d3ff:febe:69d1 Mar 12 23:01:02 abhishek charon: 01[JOB] spawning 16 worker threads Mar 12 23:01:02 abhishek charon: 03[CFG] received stroke: add connection 'host-host' Mar 12 23:01:02 abhishek charon: 03[LIB] loaded certificate file '/usr/local/etc/ipsec.d/certs/abhishekCert.pem' Mar 12 23:01:02 abhishek charon: 03[CFG] peerid 192.168.3.3 not confirmed by certificate, defaulting to subject DN Mar 12 23:01:02 abhishek charon: 03[CFG] added configuration 'host-host': 192.168.3.4[192.168.3.4]...192.168.3.3[C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=abhishek, e=abhis...@gmail.com] Mar 12 23:01:09 abhishek charon: 10[NET] received packet: from 192.168.3.3[500] to 192.168.3.4[500] Mar 12 23:01:09 abhishek charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] Mar 12 23:01:09 abhishek charon: 10[IKE] 192.168.3.3 is initiating an IKE_SA Mar 12 23:01:09 abhishek charon: 10[IKE] sending cert request for "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" Mar 12 23:01:09 abhishek charon: 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ] Mar 12 23:01:09 abhishek charon: 10[NET] sending packet: from 192.168.3.4[500] to 192.168.3.3[500] Mar 12 23:01:09 abhishek charon: 11[NET] received packet: from 192.168.3.3[4500] to 192.168.3.4[4500] Mar 12 23:01:09 abhishek charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) ] Mar 12 23:01:09 abhishek charon: 11[IKE] received cert request for "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" Mar 12 23:01:09 abhishek charon: 11[IKE] received end entity cert "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" Mar 12 23:01:09 abhishek charon: 11[CFG] using certificate "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" Mar 12 23:01:09 abhishek charon: 11[CFG] using trusted ca certificate "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" Mar 12 23:01:09 abhishek charon: 11[CFG] checking certificate status of "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" Mar 12 23:01:09 abhishek charon: 11[CFG] certificate status is not available Mar 12 23:01:09 abhishek charon: 11[IKE] authentication of '192.168.3.3' with RSA signature successful Mar 12 23:01:09 abhishek charon: 11[IKE] peer supports MOBIKE Mar 12 23:01:09 abhishek charon: 11[IKE] no matching config found for '192.168.3.4'...'192.168.3.3' Mar 12 23:01:09 abhishek charon: 11[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ] Mar 12 23:01:09 abhishek charon: 11[NET] sending packet: from 192.168.3.4[4500] to 192.168.3.3[4500] Mar 12 23:01:39 abhishek charon: 03[CFG] received stroke: initiate 'host-host' Mar 12 23:01:39 abhishek charon: 15[IKE] initiating IKE_SA host-host[2] to 192.168.3.3 Mar 12 23:01:39 abhishek charon: 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] Mar 12 23:01:39 abhishek charon: 15[NET] sending packet: from 192.168.3.4[500] to 192.168.3.3[500] Mar 12 23:01:43 abhishek charon: 16[IKE] retransmit 1 of request with message ID 0 Mar 12 23:01:43 abhishek charon: 16[NET] sending packet: from 192.168.3.4[500] to 192.168.3.3[500] Mar 12 23:01:51 abhishek charon: 17[IKE] retransmit 2 of request with message ID 0 Mar 12 23:01:51 abhishek charon: 17[NET] sending packet: from 192.168.3.4[500] to 192.168.3.3[500] Mar 12 23:02:04 abhishek charon: 08[IKE] retransmit 3 of request with message ID 0 Mar 12 23:02:04 abhishek charon: 08[NET] sending packet: from 192.168.3.4[500] to 192.168.3.3[500] Mar 12 23:02:27 abhishek charon: 09[IKE] retransmit 4 of request with message ID 0 Mar 12 23:02:27 abhishek charon: 09[NET] sending packet: from 192.168.3.4[500] to 192.168.3.3[500] Mar 12 23:03:09 abhishek charon: 12[IKE] retransmit 5 of request with message ID 0 Mar 12 23:03:09 abhishek charon: 12[NET] sending packet: from 192.168.3.4[500] to 192.168.3.3[500] Mar 12 23:04:24 abhishek charon: 14[IKE] giving up after 5 retransmits Mar 12 23:04:24 abhishek charon: 14[IKE] establishing IKE_SA failed, peer not responding ------------------------------------------- abhishek sun: ipsec.conf # ipsec.conf - strongSwan IPsec configuration file config setup crlcheckinterval=600 strictcrlpolicy=no plutostart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 keyexchange=ikev2 conn host-host left=192.168.3.3 right=192.168.3.4 rightcert=abhishekCert.pem auto=add -------------------------------------------------------------------------- following command we executed on abhishek [sun ] after ipsec start [r...@abhishek etc]# ipsec start Starting strongSwan 4.2.11 IPsec [starter] hi this this first test ... no default route - cannot cope with %defaultroute!!! insmod /lib/modules/2.6.18.8.tex5/kernel/net/key/af_key.ko.gz insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/ah4.ko.gz insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/esp4.ko.gz insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/ipcomp.ko.gz insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/tunnel4.ko.gz insmod /lib/modules/2.6.18.8.tex5/kernel/net/ipv4/xfrm4_tunnel.ko.gz insmod /lib/modules/2.6.18.8.tex5/kernel/net/xfrm/xfrm_user.ko.gz [r...@abhishek etc]# ipsec up host-host initiating IKE_SA host-host[2] to 192.168.3.3 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] sending packet: from 192.168.3.4[500] to 192.168.3.3[500] retransmit 1 of request with message ID 0 sending packet: from 192.168.3.4[500] to 192.168.3.3[500] retransmit 2 of request with message ID 0 sending packet: from 192.168.3.4[500] to 192.168.3.3[500] retransmit 3 of request with message ID 0 sending packet: from 192.168.3.4[500] to 192.168.3.3[500] retransmit 4 of request with message ID 0 sending packet: from 192.168.3.4[500] to 192.168.3.3[500] [r...@abhishek etc]# ipsec statusall Performance: uptime: 105 seconds, since Mar 12 23:01:02 2009 worker threads: 9 idle of 16, job queue load: 1, scheduled events: 1 loaded plugins: aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown Listening IP addresses: 192.168.3.4 Connections: host-host: 192.168.3.4[192.168.3.4]...192.168.3.3[C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=abhishek, e=abhis...@gmail.com] host-host: CAs: %any..."C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" host-host: public key authentication host-host: dynamic/32 === dynamic/32 Security Associations: host-host[2]: CONNECTING, 192.168.3.4[192.168.3.4]...192.168.3.3[C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=abhishek, e=abhis...@gmail.com] host-host[2]: IKE SPIs: b5b814882403c26d_i* 0000000000000000_r [r...@abhishek etc]# ipsec listall List of X.509 End Entity Certificates: altNames: 192.168.3.3 subject: "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" serial: 10:00:06 validity: not before Mar 10 22:04:25 2009, ok not after Mar 10 22:04:25 2011, ok pubkey: RSA 1024 bits keyid: 7e:35:20:c0:96:1e:c7:53:77:c2:44:3a:98:0a:84:96:7b:ad:9b:ee subjkey: c4:84:38:1c:2b:22:c4:39:6a:c7:6e:5d:9a:5e:06:3c:98:a3:25:37 authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48 altNames: 192.168.3.4 subject: "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=abhishek, e=abhis...@gmail.com" issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" serial: 10:00:07 validity: not before Mar 11 17:24:59 2009, ok not after Mar 11 17:24:59 2011, ok pubkey: RSA 1024 bits, has private key keyid: a1:ae:79:92:34:f8:71:ec:19:fa:94:a6:9d:3b:72:f6:a5:70:8a:7a subjkey: ea:b7:c7:50:e6:8d:5e:8e:d7:40:20:87:22:49:8f:d9:3e:36:99:cb authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48 List of X.509 CA Certificates: subject: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" issuer: "C=AU, ST=QLD, L=Newbury, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com" serial: 00:d5:8c:82:99:da:6c:4e:99 validity: not before Mar 10 20:39:13 2009, ok not after Mar 09 20:39:13 2013, ok pubkey: RSA 2048 bits keyid: 6d:19:04:8c:44:f3:07:70:73:2d:04:d1:e9:b4:fa:93:0e:d0:8d:a6 subjkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48 authkey: f5:78:61:94:0a:5c:a5:e6:4e:43:d0:3b:f6:51:8f:48:7e:5b:63:48 List of registered IKEv2 Algorithms: encryption: AES_CBC 3DES DES integrity: HMAC_SHA1_96 AUTH_HMAC_SHA1_128 AUTH_HMAC_SHA2_256_128 HMAC_MD5_96 AUTH_HMAC_SHA2_384_192 AUTH_HMAC_SHA2_512_256 AES_XCBC_96 hasher: HASH_SHA1 HASH_SHA256 HASH_SHA384 HASH_SHA512 HASH_MD5 prf: PRF_KEYED_SHA1 PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5 PRF_HMAC_SHA2_384 PRF_HMAC_SHA2_512 PRF_AES128_CBC dh-group: MODP_2048_BIT MODP_1536_BIT MODP_3072_BIT MODP_4096_BIT MODP_6144_BIT MODP_8192_BIT MODP_1024_BIT MODP_768_BIT
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users