[Openswan Users] Re: config question
david p
david2005.p at gmail.com
Thu Jun 9 12:09:36 CEST 2005
On 6/8/05, Paul Wouters <paul at xelerance.com> wrote:
> On Wed, 8 Jun 2005, david p wrote:
>
> > [root at dhcp203 private]# ipsec auto --up testvpnda
> > 104 "testvpnda" #1: STATE_MAIN_I1: initiate
> > 106 "testvpnda" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> > 108 "testvpnda" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> > 010 "testvpnda" #1: STATE_MAIN_I3: retransmission; will wait 20s for
> response
> > 003 "testvpnda" #1: we require peer to have ID '195.212.109.202', but
> > peer declares 'C=fr, ST=ile-de-france, L=paris, O=toto,
> > CN=user01desuri, E=ngc1976.m42 at caramail.com'
> > 218 "testvpnda" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
> >
> > Why I have to specify the "rightid" to make the VPN up ?
> > why specify a certificat by "rightcert" does not work ?
>
> Did all certificates load properly? What does ispec auto --listall say on
> both ends?
>
> Paul
>
hi paul,
yes I think all certificates load properly :
-------------------listall on userA-----------------
000 List of Public Keys:
000
000 Jun 08 10:39:25 2005, 1024 RSA Key AwEAAeCQ9, until May 26 12:15:11 2006
ok
000 ID_USER_FQDN 'ngc1976.m42 at caramail.com'
000 Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=rootca1024'
000 Jun 08 10:39:25 2005, 1024 RSA Key AwEAAeCQ9, until May 26 12:15:11 2006
ok
000 ID_DER_ASN1_DN 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=user01desuri, E=ngc1976.m42 at caramail.com'
000 Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=rootca1024'
000 Jun 08 10:31:07 2005, 1024 RSA Key AwEAAeqR4, until May 25 15:12:27 2006
ok
000 ID_DER_ASN1_DN 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=user02desuri, E=ngc1976.m42 at caramail.com'
000 Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=rootca1024'
000 Jun 08 10:31:03 2005, 2192 RSA Key AQNeVYs83, until --- -- --:--:-- ----
ok (expires never)
000 ID_IPV4_ADDR '195.212.109.204'
000 Jun 08 10:31:03 2005, 2192 RSA Key AQOvVgRGm, until --- -- --:--:-- ----
ok (expires never)
000 ID_IPV4_ADDR '195.212.109.203'
000
000 List of X.509 End Certificates:
000
000 Jun 08 10:31:07 2005, count: 1
000 subject: 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=user02desuri, E=ngc1976.m42 at caramail.com'
000 issuer: 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=rootca1024'
000 serial: 07
000 pubkey: 1024 RSA Key AwEAAeqR4, has private key
000 validity: not before May 25 15:12:27 2005 ok
000 not after May 25 15:12:27 2006 ok
000 subjkey:
a6:0a:2c:41:7b:8b:4d:6d:75:6b:b5:a2:ec:25:95:81:e7:12:d1:bc
000 authkey:
28:99:32:6e:71:23:3d:5d:d8:9a:c2:2a:be:18:bf:98:94:76:29:76
000
000 List of X.509 CA Certificates:
000
000 Jun 08 10:31:02 2005, count: 1
000 subject: 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=rootca1024'
000 issuer: 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=rootca1024'
000 serial: 00
000 pubkey: 1024 RSA Key AwEAAcKtB
000 validity: not before May 03 13:11:24 2005 ok
000 not after May 03 13:11:24 2025 ok
000 subjkey:
28:99:32:6e:71:23:3d:5d:d8:9a:c2:2a:be:18:bf:98:94:76:29:76
-----------------------------------------------------------------------------------
------------------listall on userB ----------------------------
000 List of Public Keys:
000
000 Jun 08 10:39:13 2005, 1024 RSA Key AwEAAeqR4, until Jul 03 15:40:10 2005 ok
000 ID_USER_FQDN 'ngc1976.m42 at caramail.com'
000 Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 Jun 08 10:39:13 2005, 1024 RSA Key AwEAAeqR4, until Jul 03 15:40:10 2005 ok
000 ID_DER_ASN1_DN 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=user02desuri, E=ngc1976.m42 at caramail.com'
000 Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 Jun 08 10:30:52 2005, 1024 RSA Key AwEAAeCQ9, until May 26 12:15:11 2006 ok
000 ID_DER_ASN1_DN 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=user01desuri, E=ngc1976.m42 at caramail.com'
000 Issuer 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 Jun 08 10:30:48 2005, 2192 RSA Key AQO1ealTo, until --- --
--:--:-- ---- ok (expires never)
000 ID_IPV4_ADDR '195.212.109.202'
000 Jun 08 10:30:48 2005, 2192 RSA Key AQNeVYs83, until --- --
--:--:-- ---- ok (expires never)
000 ID_IPV4_ADDR '195.212.109.204'
000
000 List of X.509 End Certificates:
000
000 Jun 08 10:30:52 2005, count: 1
000 subject: 'C=fr, ST=ile-de-france, L=paris, O=toto,
CN=user01desuri, E=ngc1976.m42 at caramail.com'
000 issuer: 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 serial: 08
000 pubkey: 1024 RSA Key AwEAAeCQ9, has private key
000 validity: not before May 26 12:15:11 2005 ok
000 not after May 26 12:15:11 2006 ok
000 subjkey: 27:76:38:36:d2:21:47:92:68:2a:58:42:7e:ed:68:86:18:a9:1e:32
000 authkey: 28:99:32:6e:71:23:3d:5d:d8:9a:c2:2a:be:18:bf:98:94:76:29:76
000
000 List of X.509 CA Certificates:
000
000 Jun 08 10:30:48 2005, count: 1
000 subject: 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 issuer: 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 serial: 00
000 pubkey: 1024 RSA Key AwEAAcKtB
000 validity: not before May 03 13:11:24 2005 ok
000 not after May 03 13:11:24 2025 ok
000 subjkey: 28:99:32:6e:71:23:3d:5d:d8:9a:c2:2a:be:18:bf:98:94:76:29:76
000
000 List of X.509 CRLs:
000
000 Jun 08 10:32:23 2005, revoked certs: 2
000 issuer: 'C=fr, ST=ile-de-france, L=paris, O=toto, CN=rootca1024'
000 distPts: 'http://195.212.109.205/ca.crl'
000 updates: this Jun 03 15:40:10 2005
000 next Jul 03 15:40:10 2005 ok
------------------------------------------------------------------
here we can see the CRL, cause it is already in memory (downloaded
from the didPts).
is there any problem ?
regards
david
More information about the Users
mailing list