[Openswan Users] Certificate wierdness

Toby Chamberlain toby at webtechservices.com.au
Tue Aug 2 13:33:51 CEST 2005


I have a user who connects to Openswan with a certificate from her desktop 
Windows PC. When I tried to setup a connection to the same server, with the 
same certificate, from her laptop, the IPSEC negotiation stalled at 
STATE_MAIN_R2. After much fiddling I fixed the issue by creating a 
certificate with a smaller key size and less text in the description 
fields... presumably there was an issue with the certificate size and the 
MTU.

What confuses me though, is that the only difference between the two setups 
is that the desktop is NAT'ed on an ADSL connection and the laptop is on a 
standard dial-up modem to an ISP... why does the certificate work in one 
case (the NAT'ed ADSL) but not in the other... if either side failed I would 
have expected the ADSL, as pppoe has a higher overhead doesn't it?

Thanks
Toby




More information about the Users mailing list