Hi Support Forum,
I’m in a PoC and am testing the IPsec connection. We have set up IPsec with preshared keys successfully and are now trying IPsec with X.509 authentication.
On the initiator I have these logs:
2019:11:21-11:08:26 firewall pluto[23675]: loading secrets from “/etc/ipsec.secrets”
2019:11:21-11:08:26 firewall pluto[23675]: loaded private key from ‘bernddausch.chickenkiller.com.pem’
2019:11:21-11:08:26 firewall pluto[23675]: listening for IKE messages
2019:11:21-11:08:26 firewall pluto[23675]: forgetting secrets
2019:11:21-11:08:26 firewall pluto[23675]: loading secrets from “/etc/ipsec.secrets”
2019:11:21-11:08:26 firewall pluto[23675]: loaded private key from ‘bernddausch.chickenkiller.com.pem’
2019:11:21-11:08:26 firewall pluto[23675]: loading ca certificates from ‘/etc/ipsec.d/cacerts’
2019:11:21-11:08:26 firewall pluto[23675]: loaded ca certificate from ‘/etc/ipsec.d/cacerts/VPN Signing CA (Fri Sep 16 16:40:48 2016).pem’
2019:11:21-11:08:26 firewall pluto[23675]: loaded ca certificate from ‘/etc/ipsec.d/cacerts/firewall.myhome.local Verification CA 1.pem’
2019:11:21-11:08:26 firewall pluto[23675]: loaded ca certificate from ‘/etc/ipsec.d/cacerts/Proxy-CA.pem’
2019:11:21-11:08:26 firewall pluto[23675]: loaded ca certificate from ‘/etc/ipsec.d/cacerts/bernddausch.chickenkiller.com Verification CA 1.pem’
2019:11:21-11:08:26 firewall pluto[23675]: loading aa certificates from ‘/etc/ipsec.d/aacerts’
2019:11:21-11:08:26 firewall pluto[23675]: loading ocsp certificates from ‘/etc/ipsec.d/ocspcerts’
2019:11:21-11:08:26 firewall pluto[23675]: loading attribute certificates from ‘/etc/ipsec.d/acerts’
2019:11:21-11:08:26 firewall pluto[23675]: Changing to directory ‘/etc/ipsec.d/crls’
2019:11:21-11:08:26 firewall pluto[23675]: loaded host certificate from ‘/etc/ipsec.d/certs/bernddausch.chickenkiller.com.pem’
2019:11:21-11:08:26 firewall pluto[23675]: added connection description “S_test2”
2019:11:21-11:08:26 firewall pluto[23675]: “S_test2” #20: initiating Main Mode
2019:11:21-11:08:26 firewall pluto[23675]: ERROR: “S_test2” #20: sendto on eth1 to 46.182.146.36:500 failed in main_outI1. Errno 1: Operation not permitted
2019:11:21-11:08:36 firewall pluto[23675]: “S_test2” #20: received Vendor ID payload [XAUTH]
2019:11:21-11:08:36 firewall pluto[23675]: “S_test2” #20: received Vendor ID payload [Dead Peer Detection]
2019:11:21-11:08:36 firewall pluto[23675]: “S_test2” #20: received Vendor ID payload [RFC 3947]
2019:11:21-11:08:36 firewall pluto[23675]: “S_test2” #20: enabling possible NAT-traversal with method 3
2019:11:21-11:08:36 firewall pluto[23675]: “S_test2” #20: NAT-Traversal: Result using RFC 3947: i am NATed
2019:11:21-11:08:36 firewall pluto[23675]: “S_test2” #20: we have a cert and are sending it
2019:11:21-11:08:36 firewall pluto[23675]: “S_test2” #20: Peer ID is ID_DER_ASN1_DN: ‘L=NBG, O=SchuWa, CN=vpn-gw02’
2019:11:21-11:08:36 firewall pluto[23675]: “S_test2” #20: no public key known for ‘L=NBG, O=SchuWa, CN=vpn-gw02’
2019:11:21-11:08:36 firewall pluto[23675]: “S_test2” #20: sending encrypted notification INVALID_KEY_INFORMATION to 46.182.146.36:4500
Edit: with another vendor (Lancom) on the other site, it worked with the same settings on the VyOS site. With Sophos UTM I get this error on two sites.
Does anyone have a hint?
Kind Regards,
Bernd
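Added example, not code from the post or from the Sophos/VyOS projects: a small Python triage script that groups pluto log lines by IKE SA and flags the two failures visible above, the blocked sendto and the "no public key known" condition that precedes the INVALID_KEY_INFORMATION notification. The sample lines are constructed from the post's log with plain ASCII quotes; the regexes and the interpretation strings are assumptions, not guarantees about pluto's log format.

```python
import re
from dataclasses import dataclass, field
# Constructed sample: the relevant pluto lines from the post, re-typed with plain quotes.
SAMPLE_LOG = """\
2019:11:21-11:08:26 firewall pluto[23675]: added connection description "S_test2"
2019:11:21-11:08:26 firewall pluto[23675]: "S_test2" #20: initiating Main Mode
2019:11:21-11:08:26 firewall pluto[23675]: ERROR: "S_test2" #20: sendto on eth1 to 46.182.146.36:500 failed in main_outI1. Errno 1: Operation not permitted
2019:11:21-11:08:36 firewall pluto[23675]: "S_test2" #20: NAT-Traversal: Result using RFC 3947: i am NATed
2019:11:21-11:08:36 firewall pluto[23675]: "S_test2" #20: we have a cert and are sending it
2019:11:21-11:08:36 firewall pluto[23675]: "S_test2" #20: Peer ID is ID_DER_ASN1_DN: 'L=NBG, O=SchuWa, CN=vpn-gw02'
2019:11:21-11:08:36 firewall pluto[23675]: "S_test2" #20: no public key known for 'L=NBG, O=SchuWa, CN=vpn-gw02'
2019:11:21-11:08:36 firewall pluto[23675]: "S_test2" #20: sending encrypted notification INVALID_KEY_INFORMATION to 46.182.146.36:4500
"""
# Assumed line shapes (derived from the sample, not from pluto's source).
STATE_RE = re.compile(r'pluto\[\d+\]: (?:ERROR: )?"(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
PEER_RE = re.compile(r"Peer ID is (?P<idtype>\S+): '(?P<dn>[^']*)'")
NOKEY_RE = re.compile(r"no public key known for '(?P<dn>[^']*)'")
NOTIFY_RE = re.compile(r"sending encrypted notification (?P<notify>\S+) to (?P<peer>\S+)")
SENDTO_RE = re.compile(r"sendto on (?P<iface>\S+) to (?P<peer>\S+) failed .*Errno (?P<errno>\d+)")
@dataclass
class IkeSa:
    conn: str
    sa: str
    peer_dn: str = ""
    sent_own_cert: bool = False
    findings: list = field(default_factory=list)
def analyse(log_text):
    """Group pluto lines by (connection, SA number) and record the failures seen per SA."""
    sas = {}
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if not m:
            continue  # daemon-level lines (loading secrets, CA certs, ...) carry no SA number
        sa = sas.setdefault((m["conn"], m["sa"]), IkeSa(m["conn"], m["sa"]))
        msg = m["msg"]
        if (p := PEER_RE.search(msg)):
            sa.peer_dn = p["dn"]
        elif "we have a cert and are sending it" in msg:
            sa.sent_own_cert = True  # our side did present its host certificate
        elif (s := SENDTO_RE.search(msg)):
            sa.findings.append(f"sendto to {s['peer']} via {s['iface']} failed, errno {s['errno']} (local packet filter or route on the initiator)")
        elif (n := NOKEY_RE.search(msg)):
            sa.findings.append(f"no public key for peer '{n['dn']}': peer sent no usable cert, or its cert does not chain to a loaded CA")
        elif (n := NOTIFY_RE.search(msg)):
            sa.findings.append(f"IKE notification {n['notify']} sent to {n['peer']}")
    return sas
if __name__ == "__main__":
    for sa in analyse(SAMPLE_LOG).values():
        print(sa.conn, "#" + sa.sa, sa.peer_dn, *sa.findings, sep="\n  ")
```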