
isakmpd and rsa_public_decrypt failed.



Hi all.

I've got trouble with setting up ipsec between
two gateways, using isakmpd and x509 certs.
The rsa_decryption fails when the two parties try to
authenticate each other. I've had colleagues check my setup
and no one can find a fault in my configuration or the certs for
either system or the ca-cert that has signed them.
Someone said there was a kernel bug in the normal CD-installation
binaries, so I've tried with newer stable-branch kernels but with
the same result.
If anyone has any idea of why this fails, I'd be much obliged if
you could help.

Regards
Taisto Qvist, IP Solutions
--- debug output ----
124153.070723 Mesg 70 DOI: IPSEC
124153.070750 Mesg 70 PROTO: ISAKMP
124153.070778 Mesg 70 SPI_SZ: 16
124153.070806 Mesg 70 MSG_TYPE: INITIAL_CONTACT
124153.070841 Exch 90 exchange_validate: checking for required ID
124153.070869 Exch 90 exchange_validate: checking for required AUTH
124153.070899 Misc 30 ipsec_responder: phase 1 exchange 2 step 4
124153.070930 Misc 40 ike_phase_1_recv_ID: FQDN:
124153.070965 Misc 40 73616162 2e697073 2e7365
124153.071021 Cryp 70 cert_cmp: :
124153.071063 Cryp 70 02000000 73616162 2e697073 2e7365
124153.071087 Cryp 70 cert_cmp: :
124153.071144 Cryp 70 094874b6 3061310b 30090603 55040613 02736531 12301006 03550407 13097374
124153.071201 Cryp 70 6f636b68 6f6c6d31 0c300a06 0355040a 13036970 73311430 12060355 0403130b
124153.071257 Cryp 70 73616162 2e697073 2e736531 1a301806 092a8648 86f70d01 0901160b 726f6f74
124153.071288 Cryp 70 40697073 2e7365
124153.071312 Cryp 70 cert_cmp: :
124153.071350 Cryp 70 02000000 73616162 2e697073 2e7365
124153.071374 Cryp 70 cert_cmp: :
124153.071412 Cryp 70 02000000 73616162 2e697073 2e7365
124153.071439 Cryp 70 x509_hash_find: return X509 0x107400
124153.071840 Cryp 40 rsa_sig_decode_hash: using cert of type 4
124153.073481 Default rsa_sig_decode_hash: RSA_public_decrypt () failed
124153.073542 Default dropped message from 10.10.1.12 port 500 due to notification type INVALID_ID_INFORMATION
124153.073580 Misc 60 conf_get_str: [General]:Exchange-max-time->120



