search for: rsasig

...mset.net pluto[15986]: packet from >> ***:1024: received Vendor ID payload [Dead Peer Detection] >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** >> :1024: initial Main Mode message received on ****:500 but no >> connection has been authorized with policy RSASIG+IKEV1_ALLOW >> >> The errors are so vague. >> Not sure what the problem is now >> >> >> >> My conf >> >> >> >> conn tunnel >> #phase2alg=aes256-sha1;modp1024 >> keyexchange=ike >> #ike=aes256-sha1;modp10...

...o-Unity] Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: received Vendor ID payload [Dead Peer Detection] Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** :1024: initial Main Mode message received on ****:500 but no connection has been authorized with policy RSASIG+IKEV1_ALLOW The errors are so vague. Not sure what the problem is now My conf conn tunnel #phase2alg=aes256-sha1;modp1024 keyexchange=ike #ike=aes256-sha1;modp1024 left=192.168.1.122 leftnexthop=81.129.247.152 # My ISP assigned external ip adresss (I am testing at home...

...sec,min,hour initial_contact on; proposal_check obey; # obey, strict or claim certificate_type x509 "slave1.public" "slave1.private"; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig; dh_group 2 ; } } sainfo anonymous { pfs_group 1; lifetime time 2 min; encryption_algorithm 3des ; authentication_algorithm hmac_sha1; compression_algorithm deflate ; } remote 192.168.0.29 { exchange_mode aggressive,main; my_identifier asn...

...3:44 carneab4.memset.net pluto[15986]: packet from > ***:1024: received Vendor ID payload [Dead Peer Detection] > Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** > :1024: initial Main Mode message received on ****:500 but no > connection has been authorized with policy RSASIG+IKEV1_ALLOW > > The errors are so vague. > Not sure what the problem is now > > > > My conf > > > > conn tunnel > #phase2alg=aes256-sha1;modp1024 > keyexchange=ike > #ike=aes256-sha1;modp1024 > left=192.168.1.122 > leftnexthop=81.1...

...send_cr on; verify_cert on; lifetime time 300 sec; passive off; proposal_check strict; nonce_size 256; proposal { encryption_algorithm blowfish 448; hash_algorithm sha1 512; authentication_method rsasig; dh_group modp4096; lifetime time 300 sec; } } sainfo anonymous { pfs_group modp4096; lifetime time 300 sec; encryption_algorithm rijndael 256; authentication_algorithm hmac_sha1; compression_algorithm deflate; } padding...

...]: packet from > >> ***:1024: received Vendor ID payload [Dead Peer Detection] > >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** > >> :1024: initial Main Mode message received on ****:500 but no > >> connection has been authorized with policy RSASIG+IKEV1_ALLOW > >> > >> The errors are so vague. > >> Not sure what the problem is now > >> > >> > >> > >> My conf > >> > >> > >> > >> conn tunnel > >> #phase2alg=aes256-sha1;modp1024 >...

...Racoon.conf remote 192.168.1.1 { exchange_mode main; my_identifier asn1dn; peers_identifier asn1dn; certificate_type x509 "Memphis.public" "Memphis.private"; peers_certfile "Zeus.public"; proposal{ encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig; dh_group modp1024; #I don''t understand this option } } sainfo anonymous { pfs_group modp1024; #I don''t understand this option lifetime time 2 min; encryption_algorithm 3des; authentication_algorithm hmac_md5; compression_algorithm deflate; } __________________________________...

Sorry but I have looked for over two days. Trying every command I could find. There is obviously a misunderstanding somewhere. After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets I exported to a file with ipsec showhostkey --ipseckey > file The man pages says ipsec showhostkey outputs in ipsec.conf(5) format, Ie ***.server.net.

...specification # /etc/ipsec.conf - FreeS/WAN IPSEC configuration file # More elaborate and more varied sample configurations can be found # in doc/examples. # basic configuration config setup interfaces="ipsec0=ppp0" klipsdebug=none plutodebug=none conn %default authby=rsasig leftrsasigkey=%cert rightrsasigkey=%cert conn roadwarrior compress=no left=xxxxxx.dnsalias.org lefsubnet=192.168.1.0/24 leftcert=chivas.hectordenis.net.pem pfs=yes right=%any auto=add ************************************************************************************* ipsec on the XP s...

...quot;/etc/racoon/certs/host-a.public" "/etc/racoon/certs/host-a.private"; peers_certfile "/etc/racoon/certs/host-b.public"; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig; dh_group 2; } } The racoon.conf file looks like this (I made no changes to it, as installed by ipsec-tools, include statement added by ifup-ipsec script): # Racoon IKE daemon configuration file. # See 'man racoon.conf' for a description of the format and entrie...

...em"; > verify_cert on; > my_identifier asn1dn ; > peers_identifier asn1dn ; > verify_identifier on ; > lifetime time 24 hour ; > proposal { > encryption_algorithm blowfish; > hash_algorithm sha1; > authentication_method rsasig ; > dh_group 2 ; > } > } > > sainfo address 192.168.3.0/24 any address 1.2.3.4/32 any > { > pfs_group 2; > lifetime time 12 hour ; > encryption_algorithm blowfish ; > authentication_algorithm hmac_sha1, hmac_md5 ; > compression_algori...

...e_type x509 "bsd.public" "bsd.priv" ; lifetime time 24 hour ; # sec,min,hour #initial_contact off ; #passive on ; # phase 1 proposal (for ISAKMP SA) proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig ; dh_group 2 ; } # the configuration makes racoon (as a responder) to obey the # initiator's lifetime and PFS group proposal. # this makes testing so much easier. proposal_check obey; } # phase 2 proposal (for IPsec SA). # actual phase 2 proposal will obey the foll...