[Openswan Users] Progress, but still no tunnel

geoffrey geoffrey at ticom.com
Wed Apr 6 17:24:48 CEST 2005

First of all, thank you, Jacco, for Monday's pointer to the NAT-T
documentation. I now understand what those declarations mean and the
purposes they serve.

Unfortunately, I'm still not getting a tunnel up and running. Obviously
I would like to use X.509 certs to authenticate my tunnels with the
hopes of providing support to WinXP laptops in the future. From what I 
have seen, using certs seems to be the most flexible means for managing 
OpenSWAN connections. Anyway, I know some versions of OpenSWAN have not 
played nicely with 2048-bit keys. Does this limit apply to the CA key
used to sign your end certificates as well? I have done a barf of both 
ends of my attempt at connecting a Gentoo laptop to a Gentoo gateway - 
both running OpenSWAN v2.3.0 with NETKEY support on 2.6.1[0|1] kernels. 
So, would someone be willing to look over my barf (so to speak) and clue 
me into what is wrong? It's here:


The top part is the gateway/host (fenetre) and the bottom section is the 
laptop (aphasia).

