Eugene Kotlyarov
2009-04-06 19:42:41 UTC
Hi
Could someone tell me what's wrong with my setup?
I get the following error:
002 "checkpoint-openswan" #4: initiating Main Mode
104 "checkpoint-openswan" #4: STATE_MAIN_I1: initiate
106 "checkpoint-openswan" #4: STATE_MAIN_I2: sent MI2, expecting MR2
002 "checkpoint-openswan" #4: we have a cert and are sending it upon request
108 "checkpoint-openswan" #4: STATE_MAIN_I3: sent MI3, expecting MR3
003 "checkpoint-openswan" #4: discarding duplicate packet; already STATE_MAIN_I3
002 "checkpoint-openswan" #4: Peer ID is ID_IPV4_ADDR: 'x.x.119.254'
002 "checkpoint-openswan" #4: crl not found
002 "checkpoint-openswan" #4: certificate status unknown
003 "checkpoint-openswan" #4: no RSA public key known for 'x.x.119.254'
217 "checkpoint-openswan" #4: STATE_MAIN_I3: INVALID_KEY_INFORMATION
002 "checkpoint-openswan" #4: sending encrypted notification
INVALID_KEY_INFORMATION to x.x.119.254:500
My configuration is
# Openswan connection definition: certificate-based (authby=rsasig) tunnel
# between a Check Point gateway (left) and this Openswan host (right).
conn checkpoint-openswan
type=tunnel
# Left side is Check Point
left=x.x.119.254
# NOTE(review): leftcert is meant to name the peer's own (end-entity)
# certificate; this file name suggests a CA certificate - confirm which it is.
leftcert=checkpoint_ca_cert.pem
# Also tried setting these options
#leftid="O=c.."
#leftrsasigkey=%cert
# Raw RSA public key extracted with the fswcert tool.
# NOTE(review): the log above shows the peer identifying itself as
# ID_IPV4_ADDR and pluto finding no RSA key for that ID. Presumably the key
# loaded here ends up bound to a different ID (e.g. the certificate subject)
# than the one the peer sends - verify leftid against the peer's ID.
# NOTE(review): leftcert and a raw leftrsasigkey are both set for the same
# peer; presumably only one key source is intended - confirm.
leftrsasigkey=0x0103...
# /32: a single host behind the Check Point gateway
leftsubnet=10.45.0.111/32
leftsendcert=no
# Right side is OpenSwan
right=77.50.36.0
# As an alternative, the file itself can be specified
rightcert=checkpoint_cl_cert.pem
rightrsasigkey=%cert
authby=rsasig
# Load the connection and initiate it at startup
auto=start
# Optionally specify encryption/hash methods for phase 1 & 2.
# NOTE(review): 3DES, MD5 and the 1024-bit MODP group are weak by current
# standards; prefer AES, a SHA-2 hash and a larger DH group if the Check Point
# side supports them.
ike=3des-md5-modp1024
esp=aes-sha1
# Disable Perfect Forward Secrecy if it does not work properly.
# With pfs=no, phase 2 keys are derived without a fresh Diffie-Hellman
# exchange, so they depend on the phase 1 keying material.
pfs=no
# Optional enable compression (if working)
#compress=yes
Could someone tell me what's wrong with my setup?
I get the following error:
002 "checkpoint-openswan" #4: initiating Main Mode
104 "checkpoint-openswan" #4: STATE_MAIN_I1: initiate
106 "checkpoint-openswan" #4: STATE_MAIN_I2: sent MI2, expecting MR2
002 "checkpoint-openswan" #4: we have a cert and are sending it upon request
108 "checkpoint-openswan" #4: STATE_MAIN_I3: sent MI3, expecting MR3
003 "checkpoint-openswan" #4: discarding duplicate packet; already STATE_MAIN_I3
002 "checkpoint-openswan" #4: Peer ID is ID_IPV4_ADDR: 'x.x.119.254'
002 "checkpoint-openswan" #4: crl not found
002 "checkpoint-openswan" #4: certificate status unknown
003 "checkpoint-openswan" #4: no RSA public key known for 'x.x.119.254'
217 "checkpoint-openswan" #4: STATE_MAIN_I3: INVALID_KEY_INFORMATION
002 "checkpoint-openswan" #4: sending encrypted notification
INVALID_KEY_INFORMATION to x.x.119.254:500
My configuration is
# Openswan connection definition: certificate-based (authby=rsasig) tunnel
# between a Check Point gateway (left) and this Openswan host (right).
conn checkpoint-openswan
type=tunnel
# Left side is Check Point
left=x.x.119.254
# NOTE(review): leftcert is meant to name the peer's own (end-entity)
# certificate; this file name suggests a CA certificate - confirm which it is.
leftcert=checkpoint_ca_cert.pem
# Also tried setting these options
#leftid="O=c.."
#leftrsasigkey=%cert
# Raw RSA public key extracted with the fswcert tool.
# NOTE(review): the log above shows the peer identifying itself as
# ID_IPV4_ADDR and pluto finding no RSA key for that ID. Presumably the key
# loaded here ends up bound to a different ID (e.g. the certificate subject)
# than the one the peer sends - verify leftid against the peer's ID.
# NOTE(review): leftcert and a raw leftrsasigkey are both set for the same
# peer; presumably only one key source is intended - confirm.
leftrsasigkey=0x0103...
# /32: a single host behind the Check Point gateway
leftsubnet=10.45.0.111/32
leftsendcert=no
# Right side is OpenSwan
right=77.50.36.0
# As an alternative, the file itself can be specified
rightcert=checkpoint_cl_cert.pem
rightrsasigkey=%cert
authby=rsasig
# Load the connection and initiate it at startup
auto=start
# Optionally specify encryption/hash methods for phase 1 & 2.
# NOTE(review): 3DES, MD5 and the 1024-bit MODP group are weak by current
# standards; prefer AES, a SHA-2 hash and a larger DH group if the Check Point
# side supports them.
ike=3des-md5-modp1024
esp=aes-sha1
# Disable Perfect Forward Secrecy if it does not work properly.
# With pfs=no, phase 2 keys are derived without a fresh Diffie-Hellman
# exchange, so they depend on the phase 1 keying material.
pfs=no
# Optional enable compression (if working)
#compress=yes