[Swan] Help configuring libreswan with XAUTH, NSS and remote clients (road warriors)

Wolfgang Nothdurft wolfgang at linogate.de
Fri Sep 19 13:09:42 EEST 2014


On 19.09.2014 11:34, Enrico Brunetta wrote:
> Wolfgang,
>
>
> On the mac I had to import the cert into my system keychain, and then I specifically chose the imported cert when configuring my VPN connection.
> Don’t really see any place to change permissions…
>

I don't have a Mac here, but as far as I know, you can double-click the 
certificate in the Keychain Access utility and set access permissions 
for different programs.

It should look like these screenshots from our wiki.
We only have a German version, sorry.
http://www.linogate.de/de/support/categories/ipsec/mac_keychain-01.png
http://www.linogate.de/de/support/categories/ipsec/mac_keychain-02.png

>
> Here’s the log on the mac side:
>
> Sep 19 04:24:13 Enricos-MacBook-Pro.local configd[17]: IPSec connecting to server vpn.bitproductions.com
> Sep 19 04:24:13 Enricos-MacBook-Pro.local configd[17]: SCNC: start, triggered by (83299) SystemUIServer, type IPSec, status 0, trafficClass 0
> Sep 19 04:24:13 Enricos-MacBook-Pro.local configd[17]: IPSec Phase1 starting.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local configd[17]: network changed.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: accepted connection on vpn control socket.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: IPSec connecting to server 54.84.104.104
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: Connecting.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: IPSec Phase 1 started (Initiated by me).
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: >>>>> phase change status = Phase 1 started by us
> Sep 19 04:24:13 Enricos-MacBook-Pro.local configd[17]: network changed.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: >>>>> phase change status = Phase 1 started by peer
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
> Sep 19 04:24:13 Enricos-MacBook-Pro.local configd[17]: network changed.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: error -25308 errSecInteractionNotAllowed.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: failed to sign.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: failed to get sign
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: failed to allocate send buffer
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: failed to process packet.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local racoon[752]: Phase 1 negotiation failed.
> Sep 19 04:24:13 Enricos-MacBook-Pro.local configd[17]: IPSec Controller: IKE FAILED. phase 3, assert 0
> Sep 19 04:24:13 Enricos-MacBook-Pro.local configd[17]: IPSec disconnecting from server 54.84.104.104
>

From https://developer.apple.com/library/ios/documentation/Security/Reference/keychainservices/index.html#//apple_ref/c/econst/errSecInteractionNotAllowed

Interaction with the Security Server is not allowed.
Value: –25308
Description

Wolfgang

