[Swan-dev] ikev2-x509-02-eku

D. Hugh Redelmeier hugh at mimosa.com
Sat Feb 2 22:19:46 UTC 2019


This failed for me last night.

testing/pluto/ikev2-x509-02-eku/OUTPUT/west.console.diff

+002 "ikev2-westnet-eastnet-x509-cr" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED

testing/pluto/ikev2-x509-02-eku/OUTPUT/east.pluto.log

| offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing at libreswan.org'
"ikev2-westnet-eastnet-x509-cr" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, E=user-west-eku at testing.libreswan.org'
| verifying AUTH payload
|     #1 spent 1.66 milliseconds
| required RSA CA is '%any'
| checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libres!
| checking RSA keyid 'user-east at testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, E=user-west-eku at testing.libreswan.org'
| checking RSA keyid '@east.testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, E=user-west-eku at testing.libreswan.org'
| checking RSA keyid 'east at testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, E=user-west-eku at testing.libreswan.org'
| checking RSA keyid '192.1.2.23' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, E=user-west-eku at testing.libreswan.org'
"ikev2-westnet-eastnet-x509-cr" #1: no RSA public key known for 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-eku.testing.libreswan.org, E=user-west-eku at testing.libreswan.org'
|     #1 spent 0.446 milliseconds in ikev2_verify_rsa_hash()
"ikev2-westnet-eastnet-x509-cr" #1: RSA authentication of I2 Auth Payload failed
"ikev2-westnet-eastnet-x509-cr" #1: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification AUTHENTICATION_FAILED

This looks important.  What's up?

