[Openswan Users] Multiple X.509 certs
Jacco de Leeuw
jacco2 at dds.nl
Sat Jun 4 11:46:23 CEST 2005
Bob Balsover wrote:
> I am using Openswan on Fedora core 3, I have successfully connected to
> one host using l2tp and ipsec, but when I attempt to connect to a
> different Linux host on a different domain configured with identical
> software it cannot negotiate an ipsec connection. From /var/log/secure
> I can see that the Windows XP Pro sp2 machine is using the wrong X.509
> cert; the first one that was installed. Is there something that I can
> configure on the Linux machine so that it encourages Windows XP to use
> the correct cert when negotiating a connection?
I was contacted about this a few times but I did not encounter the
problem myself. So I looked into this and wrote a small note about it:
http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html#Wrong_certificate
If you have better things to do with your time :-) then the quick solution
would be to add the following line to your config:
    rightca=%same
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
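
A check that follows from the suggestion above, as an added example that is not part of the original post or of Openswan: it lists the loaded, certificate-authenticated conns in an ipsec.conf that set no `leftca=` or `rightca=`. The sample config, its conn names and the certificate file name are constructed, and the `also=` / `%default` handling is a simplification of Openswan's own parser.

```python
import re

# Constructed sample; conn names and the certificate file name are made up.
SAMPLE_CONF = """\
conn l2tp-base
    leftcert=gateway.pem
    right=%any
    rightrsasigkey=%cert
conn l2tp-unpinned
    also=l2tp-base
    auto=add
conn l2tp-pinned
    also=l2tp-base
    rightca=%same
    auto=add
"""

def parse_conns(text):
    conns, current = {}, None   # conn name -> list of (key, value) in file order
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        if line and not line[0].isspace():  # section header starts in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), []) if kind == "conn" else None
        elif line and current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current.append((key.strip(), value.strip()))
    return conns

def resolve(name, conns, seen=frozenset()):
    """Effective settings: %default, then also= sections, then own lines (simplified)."""
    own = conns.get(name, [])
    merged = dict(conns.get("%default", []))
    for key, value in own:
        if key == "also" and value not in seen:  # 'seen' guards against also= loops
            merged.update(resolve(value, conns, seen | {name}))
    merged.update((k, v) for k, v in own if k != "also")
    return merged

def unpinned_cert_conns(text):
    """Names of loaded cert-authenticated conns with no leftca=/rightca=."""
    conns, findings = parse_conns(text), []
    for name in conns:
        eff = resolve(name, conns)
        uses_cert = any(k in eff for k in ("leftcert", "rightcert")) or "%cert" in eff.values()
        # auto= defaults to ignore, so template conns used only via also= are skipped
        loaded = name != "%default" and eff.get("auto", "ignore") != "ignore"
        if loaded and uses_cert and not ("leftca" in eff or "rightca" in eff):
            findings.append(name)
    return findings
```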