2.6.25-ARCH running vpnclient-linux-x86_64-4.8.02.0030-k9

Installation, configuration and troubleshooting of the Cisco VPN Client on Linux systems


Post by mind2ls » Sun Jan 04, 2009 7:19 am

Hi!
There seems to be a problem in negotiating with the cisco vpn server.
I am running ARCH Linux 2.6.25-ARCH. Building/installing from vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz was smooth.
I copied Profiles/* Certificates/* from my other machine that is known to work.
Internet connection is over eth1 (wireless by bcm43xx - that's an older driver for Broadcom AirForce 1 54b/g onboard wireless - Dell Latitude 610)
No rules by firewall enforced at this point.

ipseclog reveals the following nasty stuff....
=========================================
82 02:48:51.277 01/04/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, CERT, CERT, SIG, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?), VID(?)) from xxx.xxx.xxx.xxx
83 02:48:51.278 01/04/2009 Sev=Info/4 CERT/0x4360000E
Discarding ROOT CA cert sent from peer.
84 02:48:51.278 01/04/2009 Sev=Warning/2 IKE/0xC3000097
Unable to validate peer certificate, Common Name tele-csvpn-gw-8a, Issuer o=IT Security Private CA,e=firewall_us@greatwildwest.com,c=US,st=CA,cn=GreatWildWest IT Security Private CA, (CertCfg:241).
85 02:48:51.278 01/04/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO (NOTIFY:INVALID_CERT) to 148.87.112.134
86 02:48:51.278 01/04/2009 Sev=Warning/2 IKE/0xC300009B
Failed to process AG Msg 2 (NavitagorAM:299)
87 02:48:51.278 01/04/2009 Sev=Warning/2 IKE/0xC30000A7
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2238)
88 02:48:51.278 01/04/2009 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=4F2D0AE812E9F4ED R_Cookie=015469146786F8EB) reason = DEL_REASON_IKE_NEG_FAILED

=====
And this repeats for every backup server as well.
Does anybody have an idea as to how to fix this?
mind2ls

Re: 2.6.25-ARCH running vpnclient-linux-x86_64-4.8.02.0030-k9

Post by tuxx-home.at » Thu Feb 05, 2009 2:17 pm

Unable to validate peer certificate, Common Name tele-csvpn-gw-8a, Issuer o=IT Security Private CA,e=firewall_us@greatwildwest.com,c=US,st=CA,cn=GreatWildWest IT Security Private CA, (CertCfg:241).


Could it be that you haven't installed the root certificate of the other party on your local system yet?
The following command could be used for that:

cisco_cert_mgr -R -op import /path/to/your/root.crt
tuxx-home.at
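
As an added example (not part of the thread and not Cisco tooling), the Python below parses the ipseclog record format shown in the first post and reports, for each rejected peer certificate, the issuer it names and the notify the client sent back, which identifies the root certificate to look for in the local store. The sample log is constructed with placeholder names and address, and the function names are assumptions.

```python
import re

# Record header: "<seq> <time> <date> Sev=<name>/<level> <module>/<code>"
HEADER = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+Sev=(\w+)/(\d+)\s+(\w+)/(0x[0-9A-Fa-f]+)$")
CERT_FAIL = re.compile(r"Unable to validate peer certificate, Common Name (?P<cn>[^,]+), "
                       r"Issuer (?P<issuer>.+?),\s*\(CertCfg")
NOTIFY = re.compile(r"SENDING >>> ISAKMP OAK INFO \(NOTIFY:(\w+)\)")

# Constructed sample in the format of the log above; names and address are placeholders.
SAMPLE_LOG = """\
83 02:48:51.278 01/04/2009 Sev=Info/4 CERT/0x4360000E
Discarding ROOT CA cert sent from peer.
84 02:48:51.278 01/04/2009 Sev=Warning/2 IKE/0xC3000097
Unable to validate peer certificate, Common Name vpn-gw-example, Issuer o=Example Org,c=US,cn=Example Private Root CA, (CertCfg:241).
85 02:48:51.278 01/04/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO (NOTIFY:INVALID_CERT) to 192.0.2.10
"""

def parse_records(text):
    """Attach each message line to the header record that precedes it."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            records.append({"seq": int(m.group(1)), "severity": m.group(4),
                            "module": m.group(6), "code": m.group(7), "message": ""})
        elif line and records:
            records[-1]["message"] = (records[-1]["message"] + " " + line).strip()
    return records

def cert_failures(records):
    """One finding per rejected peer certificate: who issued it and what the client replied."""
    findings = []
    for i, rec in enumerate(records):
        m = CERT_FAIL.search(rec["message"])
        if not m:
            continue
        # Naive DN split: assumes no attribute value contains a comma.
        issuer = dict(p.split("=", 1) for p in m.group("issuer").split(",") if "=" in p)
        # First notify sent after the failure, if any.
        notify = next((n.group(1) for r in records[i + 1:]
                       if (n := NOTIFY.search(r["message"]))), None)
        # True when the peer supplied its own root and the client discarded it.
        peer_sent_root = any("Discarding ROOT CA cert" in r["message"] for r in records[:i])
        findings.append({"seq": rec["seq"], "peer_cn": m.group("cn").strip(),
                         "issuer_cn": issuer.get("cn"), "notify": notify,
                         "peer_sent_root": peer_sent_root})
    return findings
```

Calling `cert_failures(parse_records(SAMPLE_LOG))` returns a list of findings; `issuer_cn` is the name to compare against the root certificates already imported on the client.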

Re: 2.6.25-ARCH running vpnclient-linux-x86_64-4.8.02.0030-k9

Post by newcat » Sat Jul 03, 2010 2:19 am

I received the exact same message. The VPN worked a few days ago, when it disconnected quite frequently. But today I started to receive the message and I was not able to connect.
Has anyone found the solution?
newcat