We have a VPN Gateway to allow "road warriors" to securely access our
network from anywhere (home,wlan). It runs OpenBSD 3.7 and the "clients"
are WinXPSP2 machines using the built-in IPSec. Authentication is done
with X.509 certificates which are distributed as PKCS#12 files.
This has been running fine for over a year now.
Some days ago i had to reinstall a client beacuse of a disk problem, and
i cannot get IPSec to work anymore.
isakmpd keeps reporting:
rsa_sig_decode_hash: RSA_public_decrypt () failed
dropped message from 188.8.131.52 port 500 due to notification type
The other clients are still working fine. I have been double checking
the config files (which i did not change) and created new certificates
more than ones, but cannot find anything.
What requirements must ne met so that the certificate can be decrypted?
Which public key is used? Is it sent along with the certificate?
I can post my config and logfiles if required
Thanks for your help,
University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -