isakmpd: rsa_sig_decode_hash: RSA_public_decrypt () failed

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

isakmpd: rsa_sig_decode_hash: RSA_public_decrypt () failed

Heinrich Rebehn
Hi all,

We have a VPN Gateway to allow "road warriors" to securely access our
network from anywhere (home,wlan). It runs OpenBSD 3.7 and the "clients"
are WinXPSP2 machines using the built-in IPSec. Authentication is done
with X.509 certificates which are distributed as PKCS#12 files.

This has been running fine for over a year now.
Some days ago i had to reinstall a client beacuse of a disk problem, and
i cannot get IPSec to work anymore.

isakmpd keeps reporting:

rsa_sig_decode_hash: RSA_public_decrypt () failed
dropped message from 134.102.176.91 port 500 due to notification type
INVALID_ID_INFORMATION

The other clients are still working fine. I have been double checking
the config files (which i did not change) and created new certificates
more than ones, but cannot find anything.

My question:

What requirements must ne met so that the certificate can be decrypted?
Which public key is used? Is it sent along with the certificate?

I can post my config and logfiles if required

Thanks for your help,

        Heinrich
--

Heinrich Rebehn

University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -

Phone : +49/421/218-4664
Fax   :            -3341