[vpn-help] -12 against ipsec-tools 0.6.6
Peter Eisch
peter at boku.net
Mon Jul 24 15:32:26 CDT 2006
In what configuration will -12 connect to 0.6.6? I've tried Mutual RSA and
Hybrid but neither worked.

The hybrid connection request results in racoon logging:

ERROR: reject the packet, received unexpecting payload type 0.

Along the way the client notes INVALID-CERTIFICATE:

ii : matched phase1 proposal
ii : - protocol = isakmp
ii : - transform = ike
ii : - key length = default
ii : - cipher type = 3des
ii : - hash type = sha1
ii : - dh group = modp-1024
ii : - auth type = hybrid-initiator-rsa
ii : - life seconds = 86400
ii : - life kbytes = 0
<< : key exchange payload
<< : nonce payload
<< : identification payload
<< : certificate payload
<< : invalid certificate size
>> : notification payload
-> : send IKE packet to 10.1.100.26:500 ( 56 bytes )
II | sent peer notification, INVALID-CERTIFICATE

What certificate creation process is needed to get happy certs? I'm signing
with "-policy policy_anything".

Ideas?

Thanks,
peter