[Openswan Users] left/rightsendcert=always questions
Nate Carlson
natecars at natecarlson.com
Thu May 13 17:26:30 CEST 2004
Hey guys!

I've been working with 2.1.2 cvs connecting to a SFS 1.99.3 server, if you
don't recall my previous message.

Ran into a problem where if the certificate wasn't cached on the server
side (from a different connection from a fs2.04/sfs host), it would reject
the connection from the Openswan box with the following:

May 13 16:18:53 vpn-gw pluto[7424]: "roadwarrior-colonet"[4] 65.193.16.110 #3: no RSA public key known for '<x509 id>'
May 13 16:18:53 vpn-gw pluto[7424]: "rw"[4] 65.193.16.110 #3: sending notification INVALID_KEY_INFORMATION to 65.193.16.110:500

If I make a connection from a sfs/fs box beforehand with that cert, and
it's cached on the gateway, it's no problem. Also, if I add the
left/rightsendcert=always options to the openswan gateway, it works fine.

Is this actually a bug in Openswan (I'd think that it'd send the cert if
it needed it), or is it a bug in SFS (not asking for the certificate)?

Also, is there more documentation on the Xsendcert option somewhere?

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------