[Openswan Users] not quite there - ipsec SA proposal no working

Paul Wouters paul at xelerance.com
Mon Jan 24 19:10:31 CET 2005

On Mon, 24 Jan 2005, Mads Rasmussen wrote:

> Jan 24 14:20:46 [pluto] "road"[1] road_ip #1: cannot respond to IPsec SA 
> request because no connection is known for 
>[@pernambuco.dyndns.org]...road_ip[C=BR, O=Grupo F

> conn road
>       right=%any
>       leftid=@pernambuco.dyndns.org
>       rightid="/C=BR/O=Grupo F Arquitetura/OU=TI/CN=remote at grupof.com.br"
>       rightsubnet=

you're mixing things here. You should not be using X.509 based id's for only one
end of the connection. Remove leftid or put the real subject of its X.509 certificate
in there.


"At best it is a theory, at worst a fantasy" -- Michael Crichton

More information about the Users mailing list