<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" content="1" /><style type="text/css">p, li { white-space: pre-wrap; }</style></head><body style=" font-family:'Sans Serif'; font-size:11pt; font-weight:400; font-style:normal;">Dňa Po 11. Máj 2009 ste napísali:<br>
> On Mon, 11 May 2009, Marek Greško wrote:<br>
> > I have<br>
> > leftrsasigkey=%cert<br>
> > rightrsasigkey=%cert<br>
> > only in the default section and<br>
> > leftid=%fromcert<br>
> > rightid=%fromcert<br>
> > only in the tunnel definition. I expect the defaults are loaded prior to<br>
> > tunnel definition. Isn't it?<br>
><br>
> You can't have all certs and all ids come in via IKE. You need to point to<br>
> one cert on disk at least for the local end, so you need at least one of<br>
> leftcert=filename / rightcert=filename<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>I have leftcert/rightcert paths specified.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>><br>
> > I also do not want to have fromcert in the id, just testing it because of<br>
> > Paul's suggestion. I would like to use full id string (Subject DN) there.<br>
><br>
> You can specify that with rightid=, but you need to use %fromcert on the<br>
> side that you load from disk locally (eg with leftcert=filename)<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>I tried it exactly this way with the same results. The same config works if I downgrade the openswan 2.6 end to 2.4.<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Marek<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p></body></html>