[Openswan Users] Openswan not working on fedora core 1

Peter B. openswan at linuxnet.ch
Mon Apr 19 13:01:15 CEST 2004


Axel Thimm wrote:

>Could you provide more details on the crash?
>
>Furthermore since your post there have been several changes to the
>rpms, including patching in NAT-T support and the latest kernel
>security fix.
>
>Please try kernel & openswan from
>
>http://ATrpms.net/name/kernel/
>http://ATrpms.net/name/openswan/
>
>Make sure you grab the "2.4.22-1.2179.nptl_46.rhfc1.at" kernel & kmdls.
>  
>
Hello all

I found out what the problem was, well... which part causes the error.

It seems that somehow my x.509 certificate is not useable with openswan 
anymore. I used this certificate without problem on freeswan 2.04.
After many tests and many walkdowns to my basement (where my firewall 
is) I tried the following:

1. Comment out every connection from ipsec.conf, leave only general options.
2. Activate the connections one by one, starting with the "PSK" connections.
3. At the end, activate the only x.509 connection I have.

The big problem was when the pluto process crashed, I couldn't use 
iptools or ifconfig anymore. Also a remote-reboot was not possible 
anymore, I had to power-cycle the firewall-machine in the basement.
When I added connection by connection I figured out that everything 
works like it should until it comes to the x.509 connection.

Maybe the developers of openswan should check again the x.509 code they 
have in pluto?

Thanks for your help! I will live for the moment without x.509 
connections at all.
If you need me to do more tests or troubleshooting, let me know. I'm 
also happy to help in troubleshooting this issue.

Peter B.
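
The isolation procedure from the message above, as an added example (not part of the original post and not Openswan code). It assumes a conn is X.509-based when it sets leftcert= or rightcert=; the sample ipsec.conf, its conn names and the function names are constructed for illustration.

```python
import re

# Constructed sample ipsec.conf: conn names, addresses and file names are made up.
SAMPLE_CONF = """\
version 2.0
config setup
    interfaces=%defaultroute
conn %default
    keyingtries=1
conn roadwarrior-cert
    leftcert=gateway.pem
    right=%any
conn office-psk
    right=192.0.2.10
    authby=secret
"""

def split_sections(text):
    """Split ipsec.conf into [header, body_lines]; sections start at column 0."""
    sections = [["", []]]          # leading entry holds lines before the first section
    for line in text.splitlines():
        if re.match(r"(config|conn)\s+\S+", line):
            sections.append([line.strip(), []])
        else:
            sections[-1][1].append(line)
    return sections

def is_real_conn(header):
    """True for a named connection, False for config setup and conn %default."""
    return header.startswith("conn ") and header.split()[1] != "%default"

def uses_x509(body):
    """Treat a conn as X.509 when it names a certificate (leftcert=/rightcert=)."""
    return any(re.match(r"\s+(left|right)cert\s*=", line) for line in body)

def staged_configs(text):
    """Return (enabled_names, config_text) stages: first no conns, then one more per
    stage, certificate conns last. Disabled conns are commented out, not deleted."""
    sections = split_sections(text)
    conns = sorted((s for s in sections if is_real_conn(s[0])), key=lambda s: uses_x509(s[1]))
    names = [h.split()[1] for h, _ in conns]
    stages = []
    for n in range(len(names) + 1):
        out = []
        for header, body in sections:
            off = is_real_conn(header) and header.split()[1] not in names[:n]
            lines = ([header] if header else []) + body
            out += ["#" + l if off and l.strip() else l for l in lines]
        stages.append((names[:n], "\n".join(out) + "\n"))
    return stages
```

Each stage can be written to a scratch file and tried in turn; the first stage at which pluto fails names the connection that was just enabled.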

