[Openswan Users] authby rsasig and authby secret

Stephen Collier stephenc at johnbarry.com.au
Mon May 3 14:45:11 CEST 2004


We upgraded from Super FreeS/WAN to Openswan 2.1.1, adding the "version 2" line and
removing the plutoload and plutostart lines.
The authby=secret connections work, but the authby=rsasig connections do not. The
clients are Windows 2000. The connection establishes the SA but then complains that no
connection is known. Is there a problem with using both authby=secret and authby=rsasig
in the same configuration?

# Configuration-format marker; the poster added this line during the upgrade.
version 2
# basic configuration
config setup
# pluto's stderr output is written to this file.
plutostderrlog=/var/log/pluto.log
interfaces=%defaultroute
# NOTE(review): both debug settings are off. Temporarily raising plutodebug
# while reproducing the failure would show which proposal pluto rejects;
# switch it back afterwards, since verbose debug logs can expose sensitive data.
klipsdebug=none
plutodebug=none
# NOTE(review): core dumps of a keying daemon can hold key material; confirm
# this directory is readable by root only.
dumpdir=/root/openswan/dump
# A new connection presenting an ID already in use replaces the older one.
uniqueids=yes
nat_traversal=yes
# Defaults inherited by every conn below unless the conn overrides them.
conn %default
# A single negotiation attempt per connection; no retries.
keyingtries=1
compress=yes
disablearrivalcheck=no
# RSA signature authentication is the default; xxx1 and xxx2 override this with
# authby=secret.
authby=rsasig
# %cert: take each side's RSA public key from its certificate
# (leftcert=/rightcert= in the conns that set them).
leftrsasigkey=%cert
rightrsasigkey=%cert

# The six conns below carry the names of Openswan 2's implicit
# opportunistic-encryption policy groups; auto=ignore keeps each one from being
# loaded (presumably to switch opportunistic encryption off - confirm intent).
conn block
auto=ignore

conn private
auto=ignore

conn private-or-clear
auto=ignore

conn clear-or-private
auto=ignore

conn clear
auto=ignore

conn packetdefault
auto=ignore

# Net-to-net tunnel to a fixed peer, authenticated with a pre-shared key.
conn xxx1
# Overrides the authby=rsasig default; the key itself lives outside this file
# (not shown in the post).
authby=secret
# NOTE(review): 3DES with MD5/SHA-1 is a legacy ESP suite; if both peers
# support it, prefer an AES-based proposal.
esp=3des-md5,3des-sha
right=xxx1.homedns.org
rightid=@xxx1.homedns.org
rightsubnet=10.x.x.x/28
left=%defaultroute
leftsubnet=192.168.0.0/16
# auto=route: the tunnel is brought up on demand when matching traffic appears.
auto=route
pfs=yes

# Second pre-shared-key tunnel, same shape as xxx1.
# NOTE(review): unlike xxx1, no auto= or pfs= line is shown for this conn, and
# no blank line separates it from the next conn - possibly trimmed when the
# config was pasted; confirm against the real file.
conn xxx2
authby=secret
# NOTE(review): 3DES with MD5/SHA-1 is a legacy ESP suite; if both peers
# support it, prefer an AES-based proposal.
esp=3des-md5,3des-sha
right=xxx2.homedns.org
rightid=@xxx2.homedns.org
rightsubnet=10.x.x.x/28
left=%defaultroute
leftsubnet=192.168.0.0/16
# Certificate-authenticated road-warrior pair: xxx3 is host-to-host, and
# xxx3-net reuses its settings via also= while adding the local subnet.
conn xxx3-net
leftsubnet=192.168.0.0/16
also=xxx3

conn xxx3
# %any: the peer may connect from any address. authby=rsasig comes from
# conn %default.
right=%any
left=%defaultroute
leftcert=vpnserver.xxxx.com.au.pem
rightcert=xxxx.xxxx.com.au.pem
# NOTE(review): 0.0.0.0/8 differs from the 0.0.0.0/0 used in xxx4 and looks
# like a typo; as written it would only admit client addresses in 0.x.x.x.
# Also confirm that Openswan 2.1.1 still accepts rightsubnetwithin, which dates
# from the Super FreeS/WAN setup. A "no connection known" error after the SA is
# established commonly means the client's proposed subnets matched no loaded
# conn, so this line is worth checking first.
rightsubnetwithin=0.0.0.0/8
auto=add
pfs=yes

# Certificate-authenticated road-warrior pair: xxx4 is host-to-host, and
# xxx4-net reuses its settings via also= while adding the local subnet.
conn xxx4-net
leftsubnet=192.168.0.0/16
also=xxx4

conn xxx4
# %any: the peer may connect from any address. authby=rsasig comes from
# conn %default.
right=%any
rightcert=xxx4.xxxx.com.au.pem
# NOTE(review): 0.0.0.0/0 lets the client claim any inner address, including
# ranges that overlap leftsubnet or other peers; narrow it to the ranges the
# clients actually use. Also confirm that Openswan 2.1.1 still accepts
# rightsubnetwithin, which dates from the Super FreeS/WAN setup.
rightsubnetwithin=0.0.0.0/0
left=%defaultroute
leftcert=vpnserver.xxxx.com.au.pem
auto=add
pfs=yes