
[Users] VPN connection problem with x509 certificates

From: <Herbert.Augustiny(at)sptroth.com>
Date: Thu Apr 29 2004 - 16:38:24 EDT

Hi

For days I've been trying to get a site-to-site VPN up and running, but I have never succeeded...

At one end I'm running DevilLinux with super-freeswan-1.99.8 and at the other end I have a hardware firewall (Eicon / Lasat safepipe; this is a Linux-based firewall, also with freeswan, but I don't know which version).

I have created my own CA, I have created the host keys and certificates, and I have distributed them to both firewalls.

When I turn on plutodebug=all
I get the following error messages after a lot of other output which looks OK to me:

Apr 29 20:20:59 src@fw pluto[6657]: | an RSA Sig check failure no leading 00 with *AwEAAb0DY [preloaded key]
Apr 29 20:20:59 src@fw pluto[6657]: "spt" #1: Signature check (on C=CH, ST=Bern, O=Small Precision Tools, CN=SPT Roth Safepipe) failed (wrong key?); tried *AwEAAb0DY
Apr 29 20:20:59 src@fw pluto[6657]: | public key for C=CH, ST=Bern, O=Small Precision Tools, CN=SPT Roth Safepipe failed: decrypted SIG payload into a malformed ECB (no leading 00)
Apr 29 20:20:59 src@fw pluto[6657]: "spt" #1: sending notification INVALID_KEY_INFORMATION to x.x.x.x:500

The output of ipsec auto --listall:

root@fw:~ # ipsec auto --listall
000
000 List of Public Keys:
000
000 Apr 29 21:32:30 2004, 1024 RSA Key AwEAAb0DY, until Apr 28 14:58:44 2009 ok
000 ID_DER_ASN1_DN 'C=CH, ST=Bern, O=Small Precision Tools, CN=SPT Roth Safepipe'
000 Issuer 'C=CH, ST=Bern, L=Lyss, O=Small Precision Tools, CN=SSL CA Admin'
000 Apr 29 21:32:12 2004, 1024 RSA Key AwEAAeKm7, until Apr 26 22:37:41 2009 ok
000 ID_DER_ASN1_DN 'C=CH, ST=Bern, O=Small Precision Tools, CN=CNA Gateway'
000 Issuer 'C=CH, ST=Bern, L=Lyss, O=Small Precision Tools, CN=SSL CA Admin'
000
000 List of User/Host Certificates:
000
000 Apr 29 21:32:12 2004, count: 1
000 subject: 'C=CH, ST=Bern, O=Small Precision Tools, CN=CNA Gateway'
000 issuer: 'C=CH, ST=Bern, L=Lyss, O=Small Precision Tools, CN=SSL CA Admin'
000        pubkey:   1024 RSA Key AwEAAeKm7, has private key
000        validity: not before Apr 27 22:37:41 2004 ok
000                  not after  Apr 26 22:37:41 2009 ok
000
000 List of CA Certificates:
000
000 Apr 29 21:32:11 2004, count: 1
000 subject: 'C=CH, ST=Bern, L=Lyss, O=Small Precision Tools, CN=SSL CA Admin'
000 issuer: 'C=CH, ST=Bern, L=Lyss, O=Small Precision Tools, CN=SSL CA Admin'
000        pubkey:   2048 RSA Key AwEAAbEFe
000        validity: not before Apr 27 21:42:19 2004 ok
000                  not after  Feb 01 20:42:19 2026 ok
000
000 List of CRLs:
000
000 Apr 29 21:32:12 2004, revoked certs: 0
000 issuer: 'C=CH, ST=Bern, L=Lyss, O=Small Precision Tools, CN=SSL CA Admin'
000        updates:  this Apr 27 23:22:16 2004
000                  next May 27 23:22:16 2004 ok

Please give me a hint where to search...

Regards,

Herbert



FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr

Received on Thu Apr 29 16:40:11 2004

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:02:34 EDT

