This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSH Sentinel X.509

Hi ,

I bought SSH sentinel  version 1.4.1 from astaro and I try to establish  VPN connection following the instructions on docs.astaro.org  (X.509 How-To Host-to-Net).

When I run diagnostics on SSH Sentinel it shows everything OK,
but when I try to establish VPN connection in IKE log I see this errors

Can not determine per-rule trusted CA root set for remote identity ....

IP ; Signature check failed

Invalid signature.

Please help,  I am  getting grey hair.

Ojrad

This thread was automatically locked due to age.

Parents

0 ojrad over 22 years ago

HI again,

I think I found solution.
When I uncheck check box "Trust in certificate path verification" at imported certificate, VPN establish instantly.

Strange but it works.

Ojrad
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ojrad over 22 years ago

HI again,

I think I found solution.
When I uncheck check box "Trust in certificate path verification" at imported certificate, VPN establish instantly.

Strange but it works.

Ojrad
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 karabela over 22 years ago in reply to ojrad

i also followed the instructions in the doc but dont get it working. also unchecked "Trust in certificate path verification" but dont works for me. i have ssh sentinel 1.4.1. and astaro is 4.015 and the laptop with the ssh sentinel is behind a broadband router with nat.
Cancel
Vote Up 0 Vote Down

Cancel
0 ojrad over 22 years ago in reply to karabela

I figured out an interesting thing. The procedure works only in one case.

You must first run diagnostic in  Sentinel policy editor -> VPN connection
You will be asked if you accept certificate from remote machine.
You must accept certificate and this certificate will be added under remote hosts.
You must uncheck check box "Trust in certificate path verification" at imported certificate.
VPN is established.

After reboot the VPN connection doesn’t work any more.

I must check check box "Trust in certificate path verification" at imported certificate and then follow the procedure again.

I think that this is unacceptable and that there have to be some other solution or patch.

Any hint ?
                                                                                     Ojrad
Cancel
Vote Up 0 Vote Down

Cancel