[Openswan Users] authby rsasig and authby secret
Stephen Collier
stephenc at johnbarry.com.au
Mon May 3 14:45:11 CEST 2004
We upgraded from Super FreeS/WAN to Openswan 2.1.1, adding the "version 2" line and
removing the plutoload and plutostart lines.
The authby=secret connections work, but the authby=rsasig connections do not. They are
Windows 2000 clients. The connection establishes the SA but then complains "no
connection known". Is there a problem with using both authby=secret and authby=rsasig?
version 2
# basic configuration
# Daemon-wide options for pluto/KLIPS; per-tunnel settings live in the conn
# sections that follow.
config setup
# pluto's stderr output is written to this file.
plutostderrlog=/var/log/pluto.log
interfaces=%defaultroute
# Both debug switches are off. NOTE(review): while chasing a connection-matching
# failure, plutodebug=control is presumably the most useful class; avoid the
# "private" class on a shared log, since it permits key material in debug
# output, and switch debugging off again afterwards.
klipsdebug=none
plutodebug=none
dumpdir=/root/openswan/dump
uniqueids=yes
# NAT traversal is on, which matters for the right=%any clients below if they
# sit behind NAT.
nat_traversal=yes
# Defaults inherited by every conn below unless that conn overrides them.
conn %default
# A single keying attempt; a failed negotiation is not retried.
keyingtries=1
compress=yes
disablearrivalcheck=no
# RSA signature authentication is the default; xxx1 and xxx2 override it with
# authby=secret, while xxx3 and xxx4 inherit it.
authby=rsasig
# %cert: take each side's RSA public key from its X.509 certificate rather
# than from a key pasted into this file.
leftrsasigkey=%cert
rightrsasigkey=%cert
# These six names are the implicit opportunistic-encryption conns of
# Openswan 2.x. Redefining each with auto=ignore keeps it from being loaded,
# so only the explicitly configured tunnels below are in play.
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
# Net-to-net tunnel to a peer addressed by a dynamic-DNS name, authenticated
# with a pre-shared key.
conn xxx1
# Overrides the rsasig default; the key itself is looked up in ipsec.secrets
# (not shown in this post).
authby=secret
# NOTE(review): 3DES with MD5/SHA-1 is a legacy ESP suite; prefer an AES-based
# proposal if the peer supports it.
esp=3des-md5,3des-sha
# The peer address comes from DNS, so the PSK and rightid are what actually
# authenticate the peer, not the name lookup.
right=xxx1.homedns.org
rightid=@xxx1.homedns.org
rightsubnet=10.x.x.x/28
left=%defaultroute
leftsubnet=192.168.0.0/16
# auto=route: install the policy at startup and negotiate when traffic matches.
auto=route
pfs=yes
# Second pre-shared-key net-to-net tunnel, same layout as xxx1.
# NOTE(review): unlike xxx1 there is no auto= or pfs= line here, and
# conn %default sets neither, so the built-in defaults apply; confirm this
# conn is loaded the way you expect.
conn xxx2
# Overrides the rsasig default; the key is looked up in ipsec.secrets (not shown).
authby=secret
# NOTE(review): legacy 3DES/MD5/SHA-1 suite; prefer AES if the peer supports it.
esp=3des-md5,3des-sha
right=xxx2.homedns.org
rightid=@xxx2.homedns.org
rightsubnet=10.x.x.x/28
left=%defaultroute
leftsubnet=192.168.0.0/16
# Certificate-authenticated road-warrior pair: xxx3 is the client-to-gateway
# conn, and xxx3-net pulls in xxx3's settings via also= and adds the LAN
# behind the gateway as leftsubnet.
conn xxx3-net
leftsubnet=192.168.0.0/16
also=xxx3
conn xxx3
# right=%any: the client may connect from any address; authby=rsasig is
# inherited from conn %default, so the peer is identified by its certificate.
right=%any
left=%defaultroute
leftcert=vpnserver.xxxx.com.au.pem
rightcert=xxxx.xxxx.com.au.pem
# NOTE(review): 0.0.0.0/8 only covers 0.x.x.x, whereas xxx4 uses 0.0.0.0/0;
# presumably a typo, confirm the intended range. A client proposing a subnet
# outside this range would match no conn, which is one way to end up with
# "no connection known" after the SA is established.
rightsubnetwithin=0.0.0.0/8
# auto=add: load the conn and wait for the client to initiate.
auto=add
pfs=yes
# Second certificate-authenticated road-warrior pair, same pattern as xxx3:
# xxx4 is client-to-gateway, xxx4-net adds the LAN behind the gateway.
conn xxx4-net
leftsubnet=192.168.0.0/16
also=xxx4
conn xxx4
# right=%any with authby=rsasig inherited from conn %default: any source
# address, identified by the certificate named in rightcert.
right=%any
rightcert=xxx4.xxxx.com.au.pem
# NOTE(review): 0.0.0.0/0 lets the client propose any subnet as its own side
# of the tunnel; narrow it to the ranges the clients really use so an
# authenticated peer cannot claim arbitrary address space.
rightsubnetwithin=0.0.0.0/0
left=%defaultroute
leftcert=vpnserver.xxxx.com.au.pem
# auto=add: load the conn and wait for the client to initiate.
auto=add
pfs=yes