[Openswan dev] Pluto respawns with rightid=%fromcert

Tuomo Soini tis at foobar.fi
Thu Dec 11 12:53:25 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nicolas Bellido Y Ortega wrote:
> On Thursday 11 December 2008 17:44:17 Tuomo Soini wrote:
>> Nicolas Bellido Y Ortega wrote:
>>> conn left-right-vpn
>>> 	left=10.0.5.83
>>> 	leftcert=/etc/ipsec.d/certs/leftCert.pem
>>> 	leftsendcert=always
>>> 	right=%any
>>> 	rightca=%any
>>> 	rightid=%fromcert
>>> 	auto=add
>> This config is totally wrong but it looks like config-parser will accept
>> it (wrongly). right=%any and rightid=%fromcert is an invalid combination.
>> Fromcert can only load id from locally stored certificate!
> 
> Let's see:
> 
> conn left-right-vpn
>         left=10.0.5.83
>         leftcert=/etc/ipsec.d/certs/leftCert.pem
>         leftsendcert=always
>         rightid=%fromcert
>         rightca=%any
>         auto=add

What you want is leftid=%fromcert

NOT rightid=%fromcert

You want to set rightid="<subject of right certificate here>"

I already told you that you can only use rightid=%fromcert together with
rightcert=rightCert.pem

- --
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFJQVOVTlrZKzwul1ERAku9AJ9K//aWKUnqjrOnxgX7NUk2aBbp9gCfe0nx
ZwugKUCw1MgjT8FURfGGFuw=
=Acrm
-----END PGP SIGNATURE-----
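
As an added example (not part of the original thread and not Openswan code), here is a small Python lint that applies the rule stated in the message above: `leftid=%fromcert` or `rightid=%fromcert` is only valid when the matching `leftcert=` or `rightcert=` names a locally stored certificate. The function names and the `fixed-vpn` conn are constructed for illustration, and `also=` includes are not followed.

```python
import re

# Constructed sample: the conn quoted in the thread, then a corrected variant.
SAMPLE = """\
conn left-right-vpn
\tleft=10.0.5.83
\tleftcert=/etc/ipsec.d/certs/leftCert.pem
\tleftsendcert=always
\tright=%any
\trightca=%any
\trightid=%fromcert
\tauto=add
conn fixed-vpn
\tleft=10.0.5.83
\tleftcert=/etc/ipsec.d/certs/leftCert.pem
\tleftid=%fromcert
\tright=%any
\trightca=%any
\tauto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t":                 # indented parameter line
            if current is not None and "=" in line:
                key, value = line.strip().split("=", 1)
                current[key.strip()] = value.strip().strip('"')
        else:
            current = None                     # "config setup" or other section
    return conns

def check_fromcert(text):
    """Flag <side>id=%fromcert where <side>cert is not set locally."""
    findings = []
    for name, opts in parse_conns(text).items():
        for side in ("left", "right"):
            if opts.get(side + "id") == "%fromcert" and not opts.get(side + "cert"):
                findings.append((name, side + "id"))
    return findings

if __name__ == "__main__":
    for name, key in check_fromcert(SAMPLE):
        print(f"conn {name}: {key}=%fromcert needs a local {key[:-2]}cert=")
```
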

