<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>We upgraded from superfreeswan to openswan 2.1.1 with adding version 2 
and<BR>removing plutoload and plutostart lines.<BR>The authby secrets 
connections work but the authby rsasig does not. They are<BR>win 2K clients. The 
connection establishes the SA but then complains no<BR>connection known. Is 
there a problem with both auth by secret and rsasig<BR><BR>version 2<BR># basic 
configuration<BR>config 
setup<BR>plutostderrlog=/var/log/pluto.log<BR>interfaces=%defaultroute<BR>klipsdebug=none<BR>plutodebug=none<BR>dumpdir=/root/openswan/dump<BR>uniqueids=yes<BR>nat_traversal=yes<BR>conn 
%default<BR>keyingtries=1<BR>compress=yes<BR>disablearrivalcheck=no<BR>authby=rsasig<BR>leftrsasigkey=%cert<BR>rightrsasigkey=%cert<BR><BR>conn 
block<BR>auto=ignore<BR><BR>conn private<BR>auto=ignore<BR><BR>conn 
private-or-clear<BR>auto=ignore<BR><BR>conn 
clear-or-private<BR>auto=ignore<BR><BR>conn clear<BR>auto=ignore<BR><BR>conn 
packetdefault<BR>auto=ignore<BR><BR>conn 
xxx1<BR>authby=secret<BR>esp=3des-md5,3des-sha<BR>right=xxx1.homedns.org<BR><A 
href="mailto:rightid=@xxx1.homedns.org">rightid=@xxx1.homedns.org</A><BR>rightsubnet=10.x.x.x/28<BR>left=%defaultroute<BR>leftsubnet=192.168.0.0/16<BR>auto=route<BR>pfs=yes<BR><BR>conn 
xxx2<BR>authby=secret<BR>esp=3des-md5,3des-sha<BR>right=xxx2.homedns.org<BR><A 
href="mailto:rightid=@xxx2.homedns.org">rightid=@xxx2.homedns.org</A><BR>rightsubnet=10.x.x.x/28<BR>left=%defaultroute<BR>leftsubnet=192.168.0.0/16<BR>conn 
xxx3-net<BR>leftsubnet=192.168.0.0/16<BR>also=xxx3<BR><BR>conn 
xxx3<BR>right=%any<BR>left=%defaultroute<BR>leftcert=vpnserver.xxxx.com.au.pem<BR>rightcert=xxxx.xxxx.com.au.pem<BR>rightsubnetwithin=0.0.0.0/8<BR>auto=add<BR>pfs=yes<BR><BR>conn 
xxx4-net<BR>leftsubnet=192.168.0.0/16<BR>also=xxx4<BR><BR>conn 
xxx4<BR>right=%any<BR>rightcert=xxx4.xxxx.com.au.pem<BR>rightsubnetwithin=0.0.0.0/0<BR>left=%defaultroute<BR>leftcert=vpnserver.xxxx.com.au.pem<BR>auto=add<BR>pfs=yes<BR></DIV></BODY></HTML>