[Openswan Users] Nortel interoperability questions
Ken Bantoft
ken at xelerance.com
Wed May 5 05:05:55 CEST 2004
On Tue, 4 May 2004, David Mattes wrote:
> Ken Bantoft wrote:
>
> >If you're using 2.1.x, you can use
> >
> >leftsourceip=130.42.160.12
> >
> >and it will do the routing magic for you. (assign IP to lo interface, and
> >do source routing). I do this myself between two Openswan boxes.
> >
> >
> >
> I just upgraded from FreeS/WAN 2.04 to OpenS/WAN 2.1.1 (in order to try
> the above configuration changes) and did not change ipsec.conf or any of
> my certificates or connection material, but I'm now getting
> INVALID_CERTIFICATE errors from the Nortel box. From the output it
> seems that pluto is deciding how to sign the hash, and it looks like
> it's deciding between 2 private keys (PPK_RSA:AwEAAe919 vs
> PPK_RSA:AwEAAe919)! But on the next line, pluto signs with *AwEAAe919,
> so it seems like there is some inconsistency here...
Grap 2.1.2rc3 and put leftsentcert=always in. I haven't had time to
release 2.1.2 final yet, since I've been debugging 2.2.x.
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
More information about the Users
mailing list