[Vpn-help] vpn-release-1.1 communicate with racoon problem
Matthew Grooms
mgrooms at shrew.net
Sat Nov 25 00:22:37 CST 2006
Zhao Tongyi wrote:
>
> verify_cert on
>
> 27 Nov 23 03:24:48 err racoon ERROR: CRL has expired(12) at
> depth:0 SubjectName:/C=CN/O=1121/CN=1121/OU=1164073705U45625AE98F64A
>
> 28 Nov 23 03:24:48 err racoon ERROR: the peer's certificate is
> not verified.
>
> 29 Nov 23 03:24:48 err racoon ERROR: ignore information because
> ISAKMP-SA has not been established yet.
>
> 30 Nov 23 03:24:48 info racoon WARNING: Short payload
>
Zhao,
I haven't seen a "CRL has expired" message before. Both racoon and the
Shrew Soft VPN Client use OpenSSL libcrypto to create and verify the RSA
signatures. Did you create the certificates yourself using openssl?
Perhaps your client RSA certificate has expired? The openssl tool can be
used to verify a signature manually if you want to double check that
your CA and client cert are still working together. The other
possibility that I can think of is that your gateway has its system date
set in the future.
Thanks,
-Matthew
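
Added example, not part of the original post: one way to run the manual check suggested above with the openssl tool, on a throwaway CA so that it works offline. The directory layout, subject names and the 30-day CRL lifetime are constructed for the demo; `verify_at` with a time 60 days ahead imitates a gateway whose clock is set in the future and yields "CRL has expired" (error 12 at depth 0).

```shell
#!/bin/sh
# Added example: throwaway PKI with constructed names, nothing from the thread.

make_demo_pki() {   # make_demo_pki DIR -> ca.pem, client.pem, crl.pem (CRL valid 30 days)
  d=$1
  mkdir -p "$d" && : > "$d/index.txt"
  cat > "$d/ca.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
CN = Demo CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
default_md = sha256
default_crl_days = 30
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=demo-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 365 -out "$d/client.pem" 2>/dev/null
  openssl ca -gencrl -config "$d/ca.cnf" -keyfile "$d/ca.key" -cert "$d/ca.pem" \
    -out "$d/crl.pem" 2>/dev/null
}

show_dates() {      # validity windows to compare against the gateway's clock
  openssl x509 -in "$1/client.pem" -noout -dates
  openssl crl  -in "$1/crl.pem"    -noout -lastupdate -nextupdate
}

verify_at() {       # verify_at DIR [EPOCH]: chain + CRL check as of EPOCH (default: now)
  openssl verify -crl_check -attime "${2:-$(date +%s)}" \
    -CAfile "$1/ca.pem" -CRLfile "$1/crl.pem" "$1/client.pem" 2>&1
}

demo() {
  dir=$(mktemp -d) && make_demo_pki "$dir" && show_dates "$dir"
  verify_at "$dir"                                            # current clock
  verify_at "$dir" "$(( $(date +%s) + 60 * 86400 ))" || true  # clock 60 days ahead
  rm -rf "$dir"
}
demo
```

For a real deployment, point `show_dates` and `verify_at` at a directory holding the gateway's own `ca.pem`, `crl.pem` and the peer's `client.pem`, and compare the printed `nextUpdate` with the output of `date` on the gateway.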