Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: lists.freeswan.org > users > 03 > 020269.html (Request Expert lists.freeswan.org Support)

Re: [Users] Authentication problems FreeSWAN + X509 and W2K/XP Clients

From: Andreas Steffen <andreas.steffen(at)strongsec.net>
Date: Fri Feb 21 2003 - 11:50:27 EST

In oakley.log you'v got the erro message

  2-21: 09:35:39:108 Error 0 during CryptVerifySignature!

Probably FreeS/WAN's signature using its private RSA key does not match the public key in FreeS/WAN's certificate. Instead of using the deprecated /etc/x509cert.der, use

   leftcert=freeswanCert.pem

or

   leftcert=freeswanCert.der

in ipsec.conf. In ipsec.secrets load the private key via

Do you need help?X

   : RSA freeswanKey.pem "<optional password>

Then execute

   ipsec auto --listcerts

and check if FreeS/WAN's certificate has the entry

   , has private key

If this is not the case then the private key loaded via ipsec.secrets does not match the public key in ipsec.secrets.

Regards

Andreas

Do you need more help?X

Kallabis, Marcus wrote:
> Hi,
> I've some problems to set up an ipsec connection betweeen a linux box 

-- 
=======================================================================
Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   
http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===


_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
Received on Fri Feb 21 13:43:04 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:00:21 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library