--- west.console.txt 2019-08-24 18:12:56.148678331 +0000 +++ OUTPUT/west.console.txt 2019-08-26 13:14:16.679833720 +0000 @@ -23,13 +23,15 @@ 002 "san" #1: I am sending a certificate request 1v1 "san" #1: STATE_AGGR_I1: initiate 002 "san" #1: Peer ID is ID_USER_FQDN: 'east@testing.libreswan.org' -002 "san" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA -003 "san" #1: Authenticated using RSA -002 "san" #1: I am sending my cert -004 "san" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP1536} -002 "san" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+AGGRESSIVE+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO -1v1 "san" #2: STATE_QUICK_I1: initiate -004 "san" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} +003 "san" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification +003 "san" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. +002 "san" #1: X509: Certificate rejected for this connection +002 "san" #1: X509: CERT payload bogus or revoked +003 "san" #1: initial Aggressive Mode packet claiming to be from east@testing.libreswan.org on 192.1.2.23:500 but no connection has been authorized +218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION +002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500 +031 "san" #1: STATE_AGGR_I1: 60 second timeout exceeded after 0 retransmits. No response (or no acceptable response) to our first IKEv1 message +000 "san" #1: starting keying attempt 2 of an unlimited number, but releasing whack west # echo "done" done