[Openswan Users] is it normal ?

Paul Wouters paul at xelerance.com
Tue Jun 14 20:03:30 CEST 2005


On Tue, 14 Jun 2005, david wrote:

> Is it normal that when i am trying to establish a VPN with a user, I
> can only set in my ipsec.conf the id of the distant user certificate
> (195.212.109.202).
>
> like this: rightid="C=fr, ST=ile-de-france, L=paris, O=toto,
> CN=user01desuri.....
>
> if I put: rightcert=user01desuri.crt -----------> it does not work!
> if I put: rightcert=%cert---------------------------> it does not work!
>
> the error message is:
> ....
> 108 "testvpnda" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 010 "testvpnda" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
> 003 "testvpnda" #1: we require peer to have ID '195.212.109.202', but
> peer declares 'C=fr, ST=ile-de-france, L=paris, O=toto,
> CN=user01desuri.......
> 218 "testvpnda" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION

Do you have:
leftrsasigkey=%cert
rightrsasigkey=%cert

in your conn or default section?

Paul


More information about the Users mailing list