[Openswan Users] no RSA public key known for 'C=..., O=..., CN=...'

Graham Leggett minfrin at sharp.fm
Mon Jun 28 14:36:24 CEST 2004


Tuomo Soini wrote:

> Exactly what it does say. It can't match any connection entry with your
> RSA public key because you had the wrong id string.

Does DNS play a role in all of this?

The certificate's CN is rachel.wired.co.za, but the name 
rachel.wired.co.za resolves in the DNS to an address on the network 
behind the roadwarrior (in fact, an address accessible via the VPN) 
instead of the IP address of the roadwarrior itself (which is dynamic).

There are no messages from freeswan to indicate that it is doing a DNS 
lookup, or that DNS names matter, but one needs to be certain.

Regards,
Graham
--

