[Openswan Users] no connection authorized...
Paul Wouters
paul at xelerance.com
Wed Dec 8 23:02:58 CET 2004
On Wed, 8 Dec 2004, Eric S. Johansson wrote:
> conn ronlaptop
> left=harvee.org
> leftnexthop=%defaultroute
> leftsubnet=192.168.0.0/255.255.255.0
> leftcert=/var/ipcop/certs/hostcert.pem
> right=%any
> rightsubnet=vhost:%no,%priv
> rightcert=/var/ipcop/certs/ronlaptopcert.pem
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
> authby=rsasig
> auto=add
Note that since you are explicitely loading both certificates, the
role of the CA is undermined, since openswan 'trusts' all
explicitely loaded certificates.
The proper way to use Ca's is to not specify any rightcert=. Then the
properly trusted CA that is loaded will be looked up by the server side.
I am not sure if this will fix your problem. It would be good if IPcop
switched to openswan-2 instead of still using openswan-1, which is in
maintanance mode only.
Paul
More information about the Users
mailing list