[Openswan Users] Re: config question

david p david2005.p at gmail.com
Thu Jun 9 12:09:36 CEST 2005


On 6/8/05, Paul Wouters <paul at xelerance.com> wrote:
> On Wed, 8 Jun 2005, david p wrote:
> 
> > [root at dhcp203 private]# ipsec auto --up testvpnda
> > 104 "testvpnda" #1: STATE_MAIN_I1: initiate
> > 106 "testvpnda" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> > 108 "testvpnda" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> > 010 "testvpnda" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
> > 003 "testvpnda" #1: we require peer to have ID '195.212.109.202', but peer declares 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=user01desuri, E=ngc1976.m42 at caramail.com'
> > 218 "testvpnda" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
> >
> > Why do I have to specify the "rightid" to bring the VPN up?
> > Why does specifying a certificate with "rightcert" not work?
> 
> Did all certificates load properly? What does ipsec auto --listall say on
> both ends?
> 
> Paul
> 
hi paul,

yes I think all certificates load properly :

-------------------listall on userA-----------------

000 List of Public Keys:
000
000 Jun 08 10:39:25 2005, 1024 RSA Key AwEAAeCQ9, until May 26 12:15:11 2006 ok
000        ID_USER_FQDN 'ngc1976.m42 at caramail.com'
000        Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 Jun 08 10:39:25 2005, 1024 RSA Key AwEAAeCQ9, until May 26 12:15:11 2006 ok
000        ID_DER_ASN1_DN 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=user01desuri, E=ngc1976.m42 at caramail.com'
000        Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 Jun 08 10:31:07 2005, 1024 RSA Key AwEAAeqR4, until May 25 15:12:27 2006 ok
000        ID_DER_ASN1_DN 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=user02desuri, E=ngc1976.m42 at caramail.com'
000        Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 Jun 08 10:31:03 2005, 2192 RSA Key AQNeVYs83, until --- -- --:--:-- ---- ok (expires never)
000        ID_IPV4_ADDR '195.212.109.204'
000 Jun 08 10:31:03 2005, 2192 RSA Key AQOvVgRGm, until --- -- --:--:-- ---- ok (expires never)
000        ID_IPV4_ADDR '195.212.109.203'
000
000 List of X.509 End Certificates:
000
000 Jun 08 10:31:07 2005, count: 1
000        subject: 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=user02desuri, E=ngc1976.m42 at caramail.com'
000        issuer:  'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000        serial:   07
000        pubkey:   1024 RSA Key AwEAAeqR4, has private key
000        validity: not before May 25 15:12:27 2005 ok
000                  not after  May 25 15:12:27 2006 ok
000        subjkey:  a6:0a:2c:41:7b:8b:4d:6d:75:6b:b5:a2:ec:25:95:81:e7:12:d1:bc
000        authkey:  28:99:32:6e:71:23:3d:5d:d8:9a:c2:2a:be:18:bf:98:94:76:29:76
000
000 List of X.509 CA Certificates:
000
000 Jun 08 10:31:02 2005, count: 1
000        subject: 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000        issuer:  'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000        serial:   00
000        pubkey:   1024 RSA Key AwEAAcKtB
000        validity: not before May 03 13:11:24 2005 ok
000                  not after  May 03 13:11:24 2025 ok
000        subjkey:  28:99:32:6e:71:23:3d:5d:d8:9a:c2:2a:be:18:bf:98:94:76:29:76
-----------------------------------------------------------------------------------

------------------listall on userB ----------------------------
000 List of Public Keys:
000
000 Jun 08 10:39:13 2005, 1024 RSA Key AwEAAeqR4, until Jul 03 15:40:10 2005 ok
000        ID_USER_FQDN 'ngc1976.m42 at caramail.com'
000        Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 Jun 08 10:39:13 2005, 1024 RSA Key AwEAAeqR4, until Jul 03 15:40:10 2005 ok
000        ID_DER_ASN1_DN 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=user02desuri, E=ngc1976.m42 at caramail.com'
000        Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 Jun 08 10:30:52 2005, 1024 RSA Key AwEAAeCQ9, until May 26 12:15:11 2006 ok
000        ID_DER_ASN1_DN 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=user01desuri, E=ngc1976.m42 at caramail.com'
000        Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 Jun 08 10:30:48 2005, 2192 RSA Key AQO1ealTo, until --- -- --:--:-- ---- ok (expires never)
000        ID_IPV4_ADDR '195.212.109.202'
000 Jun 08 10:30:48 2005, 2192 RSA Key AQNeVYs83, until --- -- --:--:-- ---- ok (expires never)
000        ID_IPV4_ADDR '195.212.109.204'
000
000 List of X.509 End Certificates:
000
000 Jun 08 10:30:52 2005, count: 1
000        subject: 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=user01desuri, E=ngc1976.m42 at caramail.com'
000        issuer:  'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000        serial:   08
000        pubkey:   1024 RSA Key AwEAAeCQ9, has private key
000        validity: not before May 26 12:15:11 2005 ok
000                  not after  May 26 12:15:11 2006 ok
000        subjkey:  27:76:38:36:d2:21:47:92:68:2a:58:42:7e:ed:68:86:18:a9:1e:32
000        authkey:  28:99:32:6e:71:23:3d:5d:d8:9a:c2:2a:be:18:bf:98:94:76:29:76
000
000 List of X.509 CA Certificates:
000
000 Jun 08 10:30:48 2005, count: 1
000        subject: 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000        issuer:  'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000        serial:   00
000        pubkey:   1024 RSA Key AwEAAcKtB
000        validity: not before May 03 13:11:24 2005 ok
000                  not after  May 03 13:11:24 2025 ok
000        subjkey:  28:99:32:6e:71:23:3d:5d:d8:9a:c2:2a:be:18:bf:98:94:76:29:76
000
000 List of X.509 CRLs:
000
000 Jun 08 10:32:23 2005, revoked certs: 2
000        issuer:  'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000        distPts: 'http://195.212.109.205/ca.crl'
000        updates:  this Jun 03 15:40:10 2005
000                  next Jul 03 15:40:10 2005 ok
------------------------------------------------------------------
Here we can see the CRL, because it is already in memory (downloaded
from the distPts).

is there any problem ?

regards
david
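
The two IDs in the error message can be checked mechanically against a listing like the ones above. The following is an added example, not part of the original post: it parses the public key section of `ipsec auto --listall` output and reports which loaded key, if any, a given ID is bound to. The function names are hypothetical, and the sample is an excerpt of the userA listing with mail-style line wraps.

```python
import re

# Constructed sample: excerpt of the userA public key listing from the post,
# with mail-style line wraps, plus one X.509 line that must be ignored.
LISTALL_USER_A = """\
000 List of Public Keys:
000 Jun 08 10:39:25 2005, 1024 RSA Key AwEAAeCQ9, until May 26 12:15:11 2006
ok
000        ID_USER_FQDN 'ngc1976.m42 at caramail.com'
000 Jun 08 10:39:25 2005, 1024 RSA Key AwEAAeCQ9, until May 26 12:15:11 2006
ok
000        ID_DER_ASN1_DN 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=user01desuri, E=ngc1976.m42 at caramail.com'
000 Jun 08 10:31:03 2005, 2192 RSA Key AQOvVgRGm, until --- -- --:--:-- ----
ok (expires never)
000        ID_IPV4_ADDR '195.212.109.203'
000 List of X.509 End Certificates:
000        pubkey:   1024 RSA Key AwEAAeqR4, has private key
"""

def unwrap(text):
    """Rejoin wrapped lines: real pluto lines start with a 3-digit code."""
    out = []
    for line in text.splitlines():
        if re.match(r"\d{3}(\s|$)", line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line.strip()
    return out

def key_ids(text):
    """Map (id_type, id_value) -> key id, for the public key section only."""
    ids, key, in_keys = {}, None, False
    for line in unwrap(text):
        if "List of" in line:
            in_keys = "List of Public Keys" in line
            continue
        key_m = re.search(r"RSA Key (\S+?),", line)
        id_m = re.search(r"(ID_[A-Z0-9_]+) '([^']*)'", line)
        if in_keys and key_m:
            key = key_m.group(1)
        elif in_keys and id_m and key:
            ids[(id_m.group(1), id_m.group(2))] = key
    return ids

def lookup(text, peer_id):
    """Return (id_type, key id) if peer_id is bound to a loaded key, else None."""
    hits = [(t, k) for (t, v), k in key_ids(text).items() if v == peer_id]
    return hits[0] if hits else None
```

Run against this excerpt, `lookup` finds no key bound to `195.212.109.202`, while the DN the peer declares is bound to key `AwEAAeCQ9`.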

