<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=585065714-29092005><FONT face=Arial
size=2>Hello,</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005><FONT face=Arial size=2>I hope someone can
help me.</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005>Some of our
customers are using openswan with plain RSA keys, about 8 office
connections.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005>Now our
customer wants to connect some roadwarriors with certificates using NCP
VPN-Client.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005>I created a RootCA
and certificates. The connection is built up successfully, but I got many error
messages</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005>because I had
</SPAN></FONT><FONT face=Arial size=2><SPAN class=585065714-29092005>two ": RSA
..." entries in ipsec.secrets. One using a plain RSA key and one using an RSA
certificate.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=585065714-29092005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005>I don't want to
reconfigure all VPN connections, so I thought I could use IDs to make the
connections</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005>unique. I want to
make one entry for every roadwarrior connection in
ipsec.secrets:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005>&lt;DN1&gt;: RSA
vpngw.pem &lt;passphrase&gt;</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005><SPAN
class=585065714-29092005>&lt;DN2&gt;: RSA vpngw.pem
&lt;passphrase&gt;</SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005><SPAN
class=585065714-29092005><SPAN class=585065714-29092005>&lt;DN3&gt;: RSA
vpngw.pem &lt;passphrase&gt;</SPAN></SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005><SPAN
class=585065714-29092005><SPAN
class=585065714-29092005></SPAN></SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005>But it doesn't work.
Whatever I insert in ipsec.secrets (correct or wrong DN), </SPAN></FONT><FONT
face=Arial size=2><SPAN class=585065714-29092005>the connection is
running.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=585065714-29092005>Can someone tell me
why using different IDs (DN) in ipsec.secrets doesn't work?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=585065714-29092005></SPAN></FONT> </DIV>
<DIV><SPAN class=585065714-29092005><FONT face=Arial
size=2>ipsec.conf</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005><FONT face=Arial size=2>conn
ncp</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>left=x.x.x.x</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>leftsubnet=10.1.1.0/24</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005><FONT face=Arial size=2>
leftrsasigkey=%cert</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>leftnexthop=%defaultroute</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>leftcert=vpngw.pem</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>right=%any</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>rightsubnet=10.1.1.2/32</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>rightrsasigkey=%cert</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>authby=rsasig</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>auto=add</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>keyingtries=0</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> <FONT face=Arial
size=2>pfs=yes</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005> </SPAN></DIV>
<DIV><SPAN class=585065714-29092005><FONT face=Arial
size=2>ipsec.secrets</FONT></SPAN></DIV>
<DIV><SPAN class=585065714-29092005><SPAN class=585065714-29092005><FONT
face=Arial size=2>C=DE,....OU=VPN,....: RSA vpngw.key
&lt;passphrase&gt;</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=585065714-29092005><SPAN class=585065714-29092005><FONT
face=Arial size=2></FONT></SPAN></SPAN> </DIV>
<DIV><SPAN class=585065714-29092005><SPAN class=585065714-29092005><FONT
face=Arial size=2>Thanks in advance.</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=585065714-29092005><SPAN class=585065714-29092005><FONT
face=Arial size=2> Stefan Drees</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=585065714-29092005><SPAN class=585065714-29092005><FONT
face=Arial size=2></FONT></SPAN></SPAN> </DIV>
<DIV><SPAN class=420220713-14072005><FONT face=Arial size=2>Computer &amp;
Communication GmbH</FONT></SPAN></DIV>
<DIV><SPAN class=420220713-14072005><FONT face=Arial size=2>Gewerbepark
16</FONT></SPAN></DIV>
<DIV><SPAN class=420220713-14072005><FONT face=Arial size=2>59069
Hamm</FONT></SPAN></DIV>
<DIV><SPAN class=420220713-14072005><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=420220713-14072005><FONT face=Arial size=2>Tel.: +49 2385
922040</FONT></SPAN></DIV>
<DIV><SPAN class=420220713-14072005>
<DIV><SPAN class=420220713-14072005><FONT face=Arial size=2>Fax.: +49 2385
9220400</FONT></SPAN></SPAN></DIV></DIV>
<DIV> </DIV></BODY></HTML>