[Openswan Users] Certificate wierdness
Toby Chamberlain
toby at webtechservices.com.au
Tue Aug 2 13:33:51 CEST 2005
I have a user who connects to Openswan with a certificate from her desktop
Windows PC. When I tried to setup a connection to the same server, with the
same certificate, from her laptop, the IPSEC negotiation stalled at
STATE_MAIN_R2. After much fiddling I fixed the issue by creating a
certificate with a smaller key size and less text in the description
fields... presumably there was an issue with the certificate size and the
MTU.
What confuses me though, is that the only difference between the two setups
is that the desktop is NAT'ed on an ADSL connection and the laptop is on a
standard dial-up modem to an ISP... why does the certificate work in one
case (the NAT'ed ADSL) but not in the other... if either side failed I would
have expected the ADSL, as pppoe has a higher overhead doesn't it?
Thanks
Toby
More information about the Users
mailing list