hello

Please help me find the mistake. Here are the results of 'syslog', 'ipsec.conf',
'ipsec up host-host', 'ipsec statusall', and 'ipsec listall'.

I can't understand the message "failed to create a builder for credential type
CRED_CERTIFICATE, subtype (1)" in the syslog.

assumption:
abhishek [sun]
ajay [moon]

======================================================================================================================

[r...@abhishek certs]# tcpdump -i eth0 not port ssh and not port domain and
not arp > /tmp/tcpdump.log 2>&1 &
[1] 26832
[r...@abhishek certs]# /etc/init.d/iptables start 2> /dev/null
[1]+  Exit 127                tcpdump -i eth0 not port ssh and not port
domain and not arp >/tmp/tcpdump.log 2>&1
[r...@abhishek certs]# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 4.2.11 IPsec [starter] ...


[r...@abhishek certs]# ipsec up host-host
initiating IKE_SA host-host[4] to 192.168.3.11
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.3.4[500] to 192.168.3.11[500]
retransmit 1 of request with message ID 0
sending packet: from 192.168.3.4[500] to 192.168.3.11[500]
retransmit 2 of request with message ID 0
sending packet: from 192.168.3.4[500] to 192.168.3.11[500]
retransmit 3 of request with message ID 0
sending packet: from 192.168.3.4[500] to 192.168.3.11[500]
retransmit 4 of request with message ID 0
sending packet: from 192.168.3.4[500] to 192.168.3.11[500]
retransmit 5 of request with message ID 0
sending packet: from 192.168.3.4[500] to 192.168.3.11[500]
giving up after 5 retransmits
establishing IKE_SA failed, peer not responding
[r...@abhishek certs]# ipsec statusall
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 192.168.3.4:500
000 %myid = (none)
000 debug none
000
Performance:
  uptime: 14 minutes, since Mar 15 09:26:45 2009
  worker threads: 10 idle of 16, job queue load: 1, scheduled events: 0
  loaded plugins: aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc
stroke kernel-netlink updown
Listening IP addresses:
  192.168.3.4
Connections:
   host-host:  192.168.3.4[CN=IN, O=rvce, CN=abhishek]...192.168.3.11[C=IN,
O=rvce, CN=ajay]
   host-host:  public key authentication
   host-host:    dynamic/32 === dynamic/32
Security Associations:
  none
[r...@abhishek certs]# ipsec listall
000
000 List of registered IKE Encryption Algorithms:
000
000 #3     OAKLEY_BLOWFISH_CBC, blocksize: 64, keylen: 128-128-448
000 #5     OAKLEY_3DES_CBC, blocksize: 64, keylen: 192-192-192
000 #7     OAKLEY_AES_CBC, blocksize: 128, keylen: 128-128-256
000 #65004 OAKLEY_SERPENT_CBC, blocksize: 128, keylen: 128-128-256
000 #65005 OAKLEY_TWOFISH_CBC, blocksize: 128, keylen: 128-128-256
000 #65289 OAKLEY_TWOFISH_CBC_SSH, blocksize: 128, keylen: 128-128-256
000
000 List of registered IKE Hash Algorithms:
000
000 #1     OAKLEY_MD5, hashsize: 128
000 #2     OAKLEY_SHA, hashsize: 160
000 #4     OAKLEY_SHA2_256, hashsize: 256
000 #5     OAKLEY_SHA2_384, hashsize: 384
000 #6     OAKLEY_SHA2_512, hashsize: 512
000
000 List of registered IKE DH Groups:
000
000 #2     OAKLEY_GROUP_MODP1024, groupsize: 1024
000 #5     OAKLEY_GROUP_MODP1536, groupsize: 1536
000 #14    OAKLEY_GROUP_MODP2048, groupsize: 2048
000 #15    OAKLEY_GROUP_MODP3072, groupsize: 3072
000 #16    OAKLEY_GROUP_MODP4096, groupsize: 4096
000 #17    OAKLEY_GROUP_MODP6144, groupsize: 6144
000 #18    OAKLEY_GROUP_MODP8192, groupsize: 8192
000
000 List of registered ESP Encryption Algorithms:
000
000 #2     ESP_DES, blocksize: 8, keylen: 64-64
000 #3     ESP_3DES, blocksize: 8, keylen: 192-192
000 #7     ESP_BLOWFISH, blocksize: 8, keylen: 40-448
000 #11    ESP_NULL, blocksize: 0, keylen: 0-0
000 #12    ESP_AES, blocksize: 8, keylen: 128-256
000 #252   ESP_SERPENT, blocksize: 8, keylen: 128-256
000 #253   ESP_TWOFISH, blocksize: 8, keylen: 128-256
000
000 List of registered ESP Authentication Algorithms:
000
000 #1     AUTH_ALGORITHM_HMAC_MD5, keylen: 128-128
000 #2     AUTH_ALGORITHM_HMAC_SHA1, keylen: 160-160
000 #5     AUTH_ALGORITHM_HMAC_SHA2_256, keylen: 256-256
000 #251   AUTH_ALGORITHM_NULL, keylen: 0-0
000
000 List of X.509 CA Certificates:
000
000 Mar 15 09:26:45 2009, count: 1
000        subject:  'C=IN, O=rvce, CN=ajay'
000        issuer:   'C=IN, O=rvce, CN=ajay'
000        serial:    00:85:02:bb:db:2a:fb:7c:d6
000        pubkey:    2048 RSA Key AwEAAfnvY
000        validity:  not before Mar 15 05:11:35 2009 ok
000                   not after  Mar 14 05:11:35 2013 ok
000        subjkey:
ee:f4:f8:2d:b7:63:f9:43:47:b0:0e:f2:c5:c1:96:45:a9:89:ff:33
000        authkey:
ee:f4:f8:2d:b7:63:f9:43:47:b0:0e:f2:c5:c1:96:45:a9:89:ff:33
000        aserial:   00:85:02:bb:db:2a:fb:7c:d6

List of X.509 CA Certificates:

  subject:  "C=IN, O=rvce, CN=ajay"
  issuer:   "C=IN, O=rvce, CN=ajay"
  serial:    00:85:02:bb:db:2a:fb:7c:d6
  validity:  not before Mar 15 05:11:35 2009, ok
             not after  Mar 14 05:11:35 2013, ok
  pubkey:    RSA 2048 bits
  keyid:     05:27:f6:42:18:00:7f:c4:01:0f:ed:d5:42:c4:01:d0:d5:68:fd:4a
  subjkey:   ee:f4:f8:2d:b7:63:f9:43:47:b0:0e:f2:c5:c1:96:45:a9:89:ff:33
  authkey:   ee:f4:f8:2d:b7:63:f9:43:47:b0:0e:f2:c5:c1:96:45:a9:89:ff:33

List of registered IKEv2 Algorithms:

  encryption: AES_CBC 3DES DES
  integrity:  HMAC_SHA1_96 AUTH_HMAC_SHA1_128 AUTH_HMAC_SHA2_256_128
HMAC_MD5_96 AUTH_HMAC_SHA2_384_192 AUTH_HMAC_SHA2_512_256 AES_XCBC_96
  hasher:     HASH_SHA1 HASH_SHA256 HASH_SHA384 HASH_SHA512 HASH_MD5
  prf:        PRF_KEYED_SHA1 PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5
PRF_HMAC_SHA2_384 PRF_HMAC_SHA2_512 PRF_AES128_CBC
  dh-group:   MODP_2048_BIT MODP_1536_BIT MODP_3072_BIT MODP_4096_BIT
MODP_6144_BIT MODP_8192_BIT MODP_1024_BIT MODP_768_BIT



----------------------------------------------------------------------------------------

syslog abhishek [sun]

Mar 15 09:26:45 abhishek charon: 01[DMN] starting charon (strongSwan Version
4.2.11)
Mar 15 09:26:45 abhishek charon: 01[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'
Mar 15 09:26:45 abhishek charon: 01[LIB]   loaded certificate file
'/usr/local/etc/ipsec.d/cacerts/strongswanCert.pem'
Mar 15 09:26:45 abhishek charon: 01[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'
Mar 15 09:26:45 abhishek charon: 01[CFG] loading ocsp signer certificates
from '/usr/local/etc/ipsec.d/ocspcerts'
Mar 15 09:26:45 abhishek charon: 01[CFG] loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'
Mar 15 09:26:45 abhishek charon: 01[CFG] loading crls from
'/usr/local/etc/ipsec.d/crls'
Mar 15 09:26:45 abhishek charon: 01[CFG] loading secrets from
'/usr/local/etc/ipsec.secrets'
Mar 15 09:26:45 abhishek charon: 01[CFG]   loaded private key file
'/usr/local/etc/ipsec.d/private/abhishekKey.pem'
Mar 15 09:26:45 abhishek charon: 01[DMN] loaded plugins: aes des sha1 sha2
md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
Mar 15 09:26:45 abhishek charon: 01[KNL] listening on interfaces:
Mar 15 09:26:45 abhishek charon: 01[KNL]   eth0
Mar 15 09:26:45 abhishek charon: 01[KNL]     192.168.3.4
Mar 15 09:26:45 abhishek charon: 01[KNL]     fe80::213:d3ff:febe:69d1
Mar 15 09:26:45 abhishek charon: 01[JOB] spawning 16 worker threads
Mar 15 09:26:45 abhishek charon: 06[CFG] received stroke: add connection
'host-host'
Mar 15 09:26:45 abhishek charon: 06[LIB]   file coded in unknown format,
discarded
Mar 15 09:26:45 abhishek charon: 06[LIB] failed to create a builder for
credential type CRED_CERTIFICATE, subtype (1)
Mar 15 09:26:45 abhishek charon: 06[CFG] added configuration 'host-host':
192.168.3.4[CN=IN, O=rvce, CN=abhishek]...192.168.3.11[C=IN, O=rvce,
CN=ajay]
Mar 15 09:26:56 abhishek charon: 08[NET] received packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 09:26:56 abhishek charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 15 09:26:56 abhishek charon: 08[IKE] 192.168.3.11 is initiating an
IKE_SA
Mar 15 09:26:56 abhishek charon: 08[IKE] sending cert request for "C=IN,
O=rvce, CN=ajay"
Mar 15 09:26:56 abhishek charon: 08[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
Mar 15 09:26:56 abhishek charon: 08[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:27:00 abhishek charon: 09[NET] received packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 09:27:00 abhishek charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 15 09:27:00 abhishek charon: 09[IKE] received retransmit of request with
ID 0, retransmitting response
Mar 15 09:27:00 abhishek charon: 09[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:27:07 abhishek charon: 10[NET] received packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 09:27:07 abhishek charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 15 09:27:07 abhishek charon: 10[IKE] received retransmit of request with
ID 0, retransmitting response
Mar 15 09:27:07 abhishek charon: 10[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:27:20 abhishek charon: 11[NET] received packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 09:27:20 abhishek charon: 11[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 15 09:27:20 abhishek charon: 11[IKE] received retransmit of request with
ID 0, retransmitting response
Mar 15 09:27:20 abhishek charon: 11[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:27:26 abhishek charon: 12[JOB] deleting half open IKE_SA after
timeout
Mar 15 09:27:43 abhishek charon: 13[NET] received packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 09:27:43 abhishek charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 15 09:27:43 abhishek charon: 13[IKE] 192.168.3.11 is initiating an
IKE_SA
Mar 15 09:27:43 abhishek charon: 13[IKE] sending cert request for "C=IN,
O=rvce, CN=ajay"
Mar 15 09:27:43 abhishek charon: 13[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
Mar 15 09:27:43 abhishek charon: 13[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:28:13 abhishek charon: 14[JOB] deleting half open IKE_SA after
timeout
Mar 15 09:28:26 abhishek charon: 15[NET] received packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 09:28:26 abhishek charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 15 09:28:26 abhishek charon: 15[IKE] 192.168.3.11 is initiating an
IKE_SA
Mar 15 09:28:26 abhishek charon: 15[IKE] sending cert request for "C=IN,
O=rvce, CN=ajay"
Mar 15 09:28:26 abhishek charon: 15[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
Mar 15 09:28:26 abhishek charon: 15[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:28:56 abhishek charon: 16[JOB] deleting half open IKE_SA after
timeout
Mar 15 09:33:12 abhishek charon: 08[CFG] received stroke: initiate
'host-host'
Mar 15 09:33:12 abhishek charon: 07[IKE] initiating IKE_SA host-host[4] to
192.168.3.11
Mar 15 09:33:12 abhishek charon: 07[ENC] generating IKE_SA_INIT request 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 15 09:33:12 abhishek charon: 07[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:33:16 abhishek charon: 10[IKE] retransmit 1 of request with
message ID 0
Mar 15 09:33:16 abhishek charon: 10[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:33:23 abhishek charon: 11[IKE] retransmit 2 of request with
message ID 0
Mar 15 09:33:23 abhishek charon: 11[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:33:36 abhishek charon: 12[IKE] retransmit 3 of request with
message ID 0
Mar 15 09:33:36 abhishek charon: 12[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:34:00 abhishek charon: 13[IKE] retransmit 4 of request with
message ID 0
Mar 15 09:34:00 abhishek charon: 13[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:34:42 abhishek charon: 14[IKE] retransmit 5 of request with
message ID 0
Mar 15 09:34:42 abhishek charon: 14[NET] sending packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 09:35:57 abhishek charon: 15[IKE] giving up after 5 retransmits
Mar 15 09:35:57 abhishek charon: 15[IKE] establishing IKE_SA failed, peer
not responding


-----------------------------------------------------------------------------------------
ipsec.conf abhishek [sun]

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # plutodebug=all
          crlcheckinterval=600
          strictcrlpolicy=no
        # cachecrls=yes
        # nat_traversal=yes
        # charonstart=no
        # plutostart=no

# Add connections here
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2


# Sample VPN connections
conn host-host
          left=192.168.3.4
          leftcert=abhishekCert.pem
          leftid="CN=IN, O=rvce, CN=abhishek"
          leftfirewall=yes
          right=192.168.3.11
          rightid="C=IN, O=rvce, CN=ajay"
          auto=add

============================================================================================================================

ajay [moon]


[r...@localhost certs]# /etc/init.d/iptables start 2> /dev/null
[r...@localhost certs]# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 4.2.11 IPsec [starter]...
[r...@localhost certs]# ipsec up host-host
initiating IKE_SA host-host[1] to 192.168.3.4
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.3.11[500] to 192.168.3.4[500]
retransmit 1 of request with message ID 0
sending packet: from 192.168.3.11[500] to 192.168.3.4[500]
retransmit 2 of request with message ID 0
sending packet: from 192.168.3.11[500] to 192.168.3.4[500]
retransmit 3 of request with message ID 0
sending packet: from 192.168.3.11[500] to 192.168.3.4[500]
retransmit 4 of request with message ID 0
sending packet: from 192.168.3.11[500] to 192.168.3.4[500]
retransmit 5 of request with message ID 0
sending packet: from 192.168.3.11[500] to 192.168.3.4[500]
received packet: from 192.168.3.4[500] to 192.168.3.11[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
received cert request for unknown ca with keyid
05:27:f6:42:18:00:7f:c4:01:0f:ed:d5:42:c4:01:d0:d5:68:fd:4a
no private key found for 'C=IN, O=rvce, CN=ajay'
generating authentication data failed
[r...@localhost certs]# vim /var/log/messages
[r...@localhost certs]# ipsec statusall
Performance:
  uptime: 14 minutes, since Mar 15 05:32:49 2009
  worker threads: 9 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: aes des sha1 sha2 md5 gmp random pubkey hmac xcbc stroke
kernel-netlink updown
Listening IP addresses:
  192.168.3.11
  192.168.122.1
Connections:
   host-host:  192.168.3.11[C=IN, O=rvce, CN=ajay]...192.168.3.4[C=IN,
O=rvce, CN=abhishek]
   host-host:  public key authentication
   host-host:    dynamic/32 === dynamic/32
Security Associations:
  none
[r...@localhost certs]# ipsec listall

List of registered IKEv2 Algorithms:

  encryption: AES_CBC 3DES DES
  integrity:  HMAC_SHA1_96 AUTH_HMAC_SHA1_128 AUTH_HMAC_SHA2_256_128
HMAC_MD5_96 AUTH_HMAC_SHA2_384_192 AUTH_HMAC_SHA2_512_256 AES_XCBC_96
  hasher:     HASH_SHA1 HASH_SHA256 HASH_SHA384 HASH_SHA512 HASH_MD5
  prf:        PRF_KEYED_SHA1 PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5
PRF_HMAC_SHA2_384 PRF_HMAC_SHA2_512 PRF_AES128_CBC
  dh-group:   MODP_2048_BIT MODP_1536_BIT MODP_3072_BIT MODP_4096_BIT
MODP_6144_BIT MODP_8192_BIT MODP_1024_BIT MODP_768_BIT

--------------------------------------------------------------------------

Mar 15 05:32:49 localhost charon: 01[DMN] starting charon (strongSwan
Version 4.2.11)
Mar 15 05:32:49 localhost charon: 01[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'
Mar 15 05:32:49 localhost charon: 01[LIB] failed to create a builder for
credential type CRED_CERTIFICATE, subtype (1)
Mar 15 05:32:49 localhost charon: 01[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'
Mar 15 05:32:49 localhost charon: 01[CFG] loading ocsp signer certificates
from '/usr/local/etc/ipsec.d/ocspcerts'
Mar 15 05:32:49 localhost charon: 01[CFG] loading attribute certificates
from '/usr/local/etc/ipsec.d/acerts'
Mar 15 05:32:49 localhost charon: 01[CFG] loading crls from
'/usr/local/etc/ipsec.d/crls'
Mar 15 05:32:49 localhost charon: 01[CFG] loading secrets from
'/usr/local/etc/ipsec.secrets'
Mar 15 05:32:49 localhost charon: 01[CFG]   loaded private key file
'/usr/local/etc/ipsec.d/private/ajayKey.pem'
Mar 15 05:32:49 localhost charon: 01[DMN] loaded plugins: aes des sha1 sha2
md5 gmp random pubkey hmac xcbc stroke kernel-netlink updown
Mar 15 05:32:49 localhost charon: 01[KNL] listening on interfaces:
Mar 15 05:32:49 localhost charon: 01[KNL]   eth0
Mar 15 05:32:49 localhost charon: 01[KNL]     192.168.3.11
Mar 15 05:32:49 localhost charon: 01[KNL]     fe80::216:d3ff:fea4:b48
Mar 15 05:32:49 localhost charon: 01[KNL]   virbr0
Mar 15 05:32:49 localhost charon: 01[KNL]     192.168.122.1
Mar 15 05:32:49 localhost charon: 01[KNL]     fe80::a004:2fff:fe9d:fdb3
Mar 15 05:32:49 localhost charon: 01[JOB] spawning 16 worker threads
Mar 15 05:32:49 localhost charon: 07[CFG] received stroke: add connection
'host-host'
Mar 15 05:32:49 localhost charon: 07[LIB] failed to create a builder for
credential type CRED_CERTIFICATE, subtype (1)
Mar 15 05:32:49 localhost charon: 07[CFG] added configuration 'host-host':
192.168.3.11[C=IN, O=rvce, CN=ajay]...192.168.3.4[C=IN, O=rvce, CN=abhishek]
Mar 15 05:33:05 localhost charon: 17[CFG] received stroke: initiate
'host-host'
Mar 15 05:33:05 localhost charon: 10[IKE] initiating IKE_SA host-host[1] to
192.168.3.4
Mar 15 05:33:05 localhost charon: 10[ENC] generating IKE_SA_INIT request 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar 15 05:33:05 localhost charon: 10[NET] sending packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 05:33:09 localhost charon: 09[IKE] retransmit 1 of request with
message ID 0
Mar 15 05:33:09 localhost charon: 09[NET] sending packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 05:33:16 localhost charon: 14[IKE] retransmit 2 of request with
message ID 0
Mar 15 05:33:16 localhost charon: 14[NET] sending packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 05:33:29 localhost charon: 15[IKE] retransmit 3 of request with
message ID 0
Mar 15 05:33:29 localhost charon: 15[NET] sending packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 05:33:52 localhost charon: 16[IKE] retransmit 4 of request with
message ID 0
Mar 15 05:33:52 localhost charon: 16[NET] sending packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 05:34:34 localhost charon: 08[IKE] retransmit 5 of request with
message ID 0
Mar 15 05:34:34 localhost charon: 08[NET] sending packet: from
192.168.3.11[500] to 192.168.3.4[500]
Mar 15 05:34:35 localhost charon: 07[NET] received packet: from
192.168.3.4[500] to 192.168.3.11[500]
Mar 15 05:34:35 localhost charon: 07[ENC] parsed IKE_SA_INIT response 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
Mar 15 05:34:35 localhost charon: 07[IKE] received cert request for unknown
ca with keyid 05:27:f6:42:18:00:7f:c4:01:0f:ed:d5:42:c4:01:d0:d5:68:fd:4a
Mar 15 05:34:35 localhost charon: 07[IKE] no private key found for 'C=IN,
O=rvce, CN=ajay'
Mar 15 05:34:35 localhost charon: 07[IKE] generating authentication data
failed
------------------------------------------------------------------------------------------------------------

ipsec.conf of ajay [moon]

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # plutodebug=all
          crlcheckinterval=180
          strictcrlpolicy=no
        # cachecrls=yes
        # nat_traversal=yes
        # charonstart=no
          plutostart=no



conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2



# Add connections here.

conn host-host
          left=192.168.3.11
          leftcert=ajayCert.pem
          leftid="C=IN, O=rvce, CN=ajay"
          leftfirewall=yes
          right=192.168.3.4
          rightid="C=IN, O=rvce, CN=abhishek"
          auto=add