[Openswan dev] Pluto respawns with rightid=%fromcert
tis at foobar.fi
Thu Dec 11 11:44:17 EST 2008
Nicolas Bellido Y Ortega wrote:
> Following a thread on the user list [*], pluto receives a SIGABRT and
> respawns itself when rightid=%fromcert is present in ipsec.conf.
> The setup is the following (for a more complete description, please
> have a look at the thread on the user list):
> I want two peers ('Left' and 'Right') to communicate through an IPSec
> Left [10.0.5.83] <--------> Right [10.0.5.110]
> I want them to authenticate themselves based on their certificate, and
> the certs to be validated against each other's CA root cert.
> That is, I want Right to authenticate with its cert onto Left, and Left
> to validate Right's cert based on Right's CA root cert.
> Similarly, Right validates Left's cert against Left's CA root cert.
> Left is configured as follows:
> version 2.0
> config setup
>     dumpdir=/tmp # Only here for debug
> conn left-right-vpn
This config is totally wrong, but it looks like the config-parser will accept
it (wrongly). right=%any and rightid=%fromcert is an invalid combination.
Fromcert can only load the ID from a locally stored certificate!
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
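
A lint check for the combination described in the reply above, as an added example that is not part of the original thread or of Openswan's code: it flags any conn where leftid/rightid is %fromcert but that side is %any or has no locally configured certificate (assumed here to mean a leftcert=/rightcert= option). The conn bodies and certificate file names in the sample are constructed, since the conn section is not shown in the post.

```python
import re
# Constructed sample: the conn bodies and .pem names are NOT from the post (the
# conn section is elided there); only right=%any / rightid=%fromcert are.
SAMPLE_CONF = """\
version 2.0
config setup
    dumpdir=/tmp   # Only here for debug
conn left-right-vpn
    left=10.0.5.83
    leftcert=left.pem
    leftid=%fromcert
    right=%any
    rightid=%fromcert
conn pinned-peer
    right=10.0.5.110
    rightcert=right.pem
    rightid=%fromcert
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$|^#.*$", "", raw).rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():            # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def lint_fromcert(text):
    """Flag <side>id=%fromcert where that side has no local cert or is %any."""
    findings = []
    for name, opts in parse_conns(text).items():
        for side in ("left", "right"):
            if opts.get(side + "id") != "%fromcert":
                continue
            if side + "cert" not in opts:    # assumption: local cert means <side>cert=
                findings.append((name, side, "no %scert= to read the ID from" % side))
            if opts.get(side) == "%any":     # the combination the reply calls invalid
                findings.append((name, side, "%s=%%any combined with %sid=%%fromcert" % (side, side)))
    return findings

if __name__ == "__main__":
    print(lint_fromcert(SAMPLE_CONF))
```

Running such a check before loading a connection catches the configuration that, per the report, the parser accepts and pluto then aborts on.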