[Swan] host-to-host config fails with Can't find the certificate or private key

Igor Jovanovic skipper.net at gmail.com
Thu Oct 11 09:58:07 UTC 2018


unsubscribe

On Thu, Oct 11, 2018 at 5:29 AM Alex <mysqlstudent at gmail.com> wrote:

> Hi Paul, I'm still having trouble and could really use some help. Do
> these errors mean anything?
>
> Oct 10 21:21:33.289300: | #5 in state PARENT_I2: sent v2I2, expected v2R2
> Oct 10 21:21:33.289303: | Unpacking clear payload for svm: Initiator:
> process INVALID_SYNTAX AUTH notification
> Oct 10 21:21:33.289306: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
> Oct 10 21:21:33.289309: | serialno table: hash serialno #4 to head
> 0x56548f76ccc0
> Oct 10 21:21:33.289312: | serialno table: hash serialno #4 to head
> 0x56548f76ccc0
> Oct 10 21:21:33.289330: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
> Oct 10 21:21:33.289334: | selected state microcode Initiator: process
> AUTHENTICATION_FAILED AUTH notification
> Oct 10 21:21:33.289337: | Now let's proceed with state specific processing
> Oct 10 21:21:33.289339: | calling processor Initiator: process
> AUTHENTICATION_FAILED AUTH notification
> Oct 10 21:21:33.289343: "oriontun" #5: IKE SA authentication request
> rejected: AUTHENTICATION_FAILED
>
> Googling any of these errors/warnings generally only reveals the lines
> themselves from the source code. How do I find out what exactly was
> the invalid syntax?
>
> Thanks,
> Alex
>
> On Mon, Oct 8, 2018 at 10:37 PM Alex <mysqlstudent at gmail.com> wrote:
> >
> > I don't understand this error:
> >
> > Oct  8 22:30:01.939114: "oriontun" #3: IKEv2 mode peer ID is ID_FQDN:
> > '@arcade-orion'
> > Oct  8 22:30:01.939222: "oriontun" #3: Signature check (on
> > @arcade-orion) failed (wrong key?); tried *AwEAAePbb
> > Oct  8 22:30:01.939234: "oriontun" #3: Digital Signature authentication
> > failed
> > Oct  8 22:30:01.939262: "oriontun" #3: responding to AUTH message (ID
> > 1) from 107.155.66.2:500 with encrypted notification
> > AUTHENTICATION_FAILED
> >
> > This is from the left host, orion. The key that it tried is the pub
> > key from the right host, arcade. Why would it fail a signature check?
> >
> > It seems to indicate that it's the wrong key, but that's the public
> > key from the keypair generated on the other side. It passes on the
> > other side:
> >
> > # ipsec showhostkey --right --rsaid AwEAAePbb
> >         # rsakey AwEAAePbb
> >
> > rightrsasigkey=0sAwEAAePbbigzEO59FKqpM3frTLK4yry7xtEJN2J+A8rrb2e5reVu28IawJ/IOROx7XeGJkOz0bMX6zUF+ojYz0OPfJWpNfMBdl92NTU6/epO0h9/slKgn2G4hVK6bb1UOrcfo...
> >
> > I have worked on this all day and all night for more than three days
> > and just have no idea why it's failing here.
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>
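As an added example, not from the thread or from libreswan itself: a small checker for the failure Alex quotes above. It parses the `Signature check (on ...) failed (wrong key?); tried ...` log line, the `rightrsasigkey=` value from the responder's ipsec.conf, and the peer's `ipsec showhostkey --right` output, then reports whether the key pluto actually tried matches what is configured, and whether the configured key matches the peer's own. The sample log lines and config are constructed to mirror the quoted ones; the `EXAMPLE...` key material is a placeholder, not a real key.

```python
import re

# Constructed sample input modelled on the quoted thread (placeholder key material).
LOG_LINES = [
    "\"oriontun\" #3: IKEv2 mode peer ID is ID_FQDN: '@arcade-orion'",
    "\"oriontun\" #3: Signature check (on @arcade-orion) failed (wrong key?); tried *AwEAAePbb",
    "\"oriontun\" #3: Digital Signature authentication failed",
]
CONN_CONFIG = """
conn oriontun
    leftid=@orion
    rightid=@arcade-orion
    rightrsasigkey=0sAwEAAePbbEXAMPLE...
"""
# What `ipsec showhostkey --right` printed on the peer (constructed to match).
SHOWHOSTKEY_OUTPUT = "\t# rsakey AwEAAePbb\n\trightrsasigkey=0sAwEAAePbbEXAMPLE..."

# pluto logs the connection name, the peer ID it authenticated against, and the
# leading characters of every public key it tried (prefixed with '*').
SIG_FAIL = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: Signature check \(on (?P<peer>\S+)\) failed .*?; tried (?P<keys>.*)$'
)

def failed_checks(lines):
    """Return (conn, peer_id, [key prefixes tried]) for each signature failure."""
    out = []
    for line in lines:
        m = SIG_FAIL.search(line)
        if m:
            keys = [k.lstrip("*") for k in m.group("keys").split()]
            out.append((m.group("conn"), m.group("peer"), keys))
    return out

def configured_key(config, side="right"):
    """Extract the base64 body of <side>rsasigkey=0s... from ipsec.conf-style text."""
    m = re.search(rf"^\s*{side}rsasigkey=0s(\S+)", config, re.M)
    return m.group(1) if m else None

def diagnose(lines, config, peer_showhostkey, side="right"):
    """Classify each signature failure by comparing key prefixes across the three sources."""
    cfg = configured_key(config, side)
    peer_key = configured_key(peer_showhostkey, side)
    findings = []
    for conn, _peer, tried in failed_checks(lines):
        if cfg is None:
            findings.append((conn, "no_key_configured"))        # conn has no rsasigkey at all
        elif not any(cfg.startswith(t) for t in tried):
            findings.append((conn, "loaded_key_differs_from_config"))  # stale key loaded; reload
        elif peer_key is not None and peer_key != cfg:
            findings.append((conn, "config_key_differs_from_peer"))    # wrong key copied over
        else:
            findings.append((conn, "keys_match_check_peer_side"))      # look at the signer instead
    return findings
```

When the verdict is `keys_match_check_peer_side`, the responder holds the right public key, so the next place to look is the peer's signing side (which private key and ID its own connection uses), not the copied key.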