[Swan] L2TP/IPsec with certificates: INVALID_KEY_INFORMATION

Sergio Belkin sebelk at gmail.com
Sun May 1 00:35:21 UTC 2016


I missed the last lines:

000 IPsec SAs: total(1), authenticated(1), anonymous(0)
000
000 #2: "windows":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE_IF_USED in 28012s; newest IPSEC; eroute owner; isakmp#1;
idle; import:admin initiate
000 #2: "windows" esp.2363e820 at 192.0.2.236 esp.fa8bd25a at 192.168.80.250
ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
000 #1: "windows":4500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE_IF_USED in 2570s; newest ISAKMP; nodpd; idle; import:admin
initiate
000
000 Bare Shunt list:
000



2016-04-30 21:34 GMT-03:00 Sergio Belkin <sebelk at gmail.com>:

>
> 2016-04-30 13:30 GMT-03:00 Paul Wouters <paul at nohats.ca>:
>
>> vhost:%no,%priv
>
>
>
>
> I've followed your suggestion, and now I get:
>
> 000 "windows":     oriented; my_ip=unset; their_ip=unset;
> mycert=hope.belkin.home
> 000 "windows":   xauth us:none, xauth them:none,  my_username=[any];
> their_username=[any]
> 000 "windows":   modecfg info: us:none, them:none, modecfg policy:push,
> dns1:unset, dns2:unset, domain:unset, banner:unset;
> 000 "windows":   labeled_ipsec:no;
> 000 "windows":   policy_label:unset;
> 000 "windows":   CAs: 'DC=ar, DC=com, DC=vfc, CN=vfc-MS00009-CA'...'%any'
> 000 "windows":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32;
> rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
> 000 "windows":   retransmit-interval: 500ms; retransmit-timeout: 60s;
> 000 "windows":   sha2_truncbug:no; initial_contact:no; cisco_unity:no;
> fake_strongswan:no; send_vendorid:no;
> 000 "windows":   policy:
> RSASIG+ENCRYPT+DONT_REKEY+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
> 000 "windows":   conn_prio: 32,32; interface: wlp7s0; metric: 0; mtu:
> unset; sa_prio:auto; nflog-group: unset; mark: unset;
> 000 "windows":   newest ISAKMP SA: #1; newest IPsec SA: #2;
> 000 "windows":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
> 000 "windows":   ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=<N/A>
> 000
> 000 Total IPsec connections: loaded 3, active 1
> 000
> 000 State Information: DDoS cookies not required, Accepting new IKE
> connections
> 000 IKE SAs: total(1), half-open(0), open(0), authenticated(1),
> anonymous(0)
> 000 IPsec SAs: total(1), authenticated
>
> Thanks in advance!
>
> --
> --
> Sergio Belkin
> LPIC-2 Certified - http://www.lpi.org
>



-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org