[Openswan Users] path to madness
Eric S. Johansson
esj at harvee.org
Thu Dec 16 20:56:01 CET 2004
Paul Wouters wrote:
> On Thu, 16 Dec 2004, Eric S. Johansson wrote:
>
>> Dec 16 17:29:53 t2cop pluto[662]: packet from 68.194.142.248:500:
>> initial Main Mode message received on 69.18.163.107:500 but no
>> connection has been authorized with policy=RSASIG
>>
>> and I find it's frustrating that even with plutodebug=all, I don't get
>> anywhere near sufficient debugging information to tell me what's going
>> on (or at least in the form I can recognize).
>>
>> My interpretation of what's going on is that something about the
>> client side certificate is not right.
>
>
> certificates are rsasig based, so you need auth=rsasig. The above error
> says you are likely using auth=secret instead.
nope, using auth=rsasig
see:
config setup
	interfaces=%defaultroute
	klipsdebug=none
	plutodebug=all
	plutoload=%search
	plutostart=%search
	uniqueids=yes
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.51.64.0/255.255.255.0

conn %default
	keyingtries=0
	disablearrivalcheck=no

conn rjagerlt
	left=t2cop.andrewandsons.com
	leftnexthop=%defaultroute
	leftsubnet=10.51.64.0/255.255.255.0
	leftcert=/var/ipcop/certs/hostcert.pem
	right=%any
	rightsubnet=vhost:%no,%priv
	rightcert=/var/ipcop/certs/rjagerltcert.pem
	dpddelay=30
	dpdtimeout=120
	dpdaction=clear
	authby=rsasig
	auto=add
--
http://www.salon.com/mwt/feature/2004/12/15/williams/index.html
But if that's what we rely on [private and home schools], we
rely on something less than a notion of universal access and something
other than a system that unsettles a class system. If private schools
and home schooling are all we have, we have a much more static
society, rooted in generational class stasis.