[Openswan Users] is it normal ?
david
david2005.p at gmail.com
Wed Jun 15 11:44:43 CEST 2005
2005/6/14, Paul Wouters <paul at xelerance.com>:
> On Tue, 14 Jun 2005, david wrote:
>
> > Is it normal that when I am trying to establish a VPN with a user, I
> > can only set in my ipsec.conf the id of the distant user certificate
> > (195.212.109.202).
> >
> > like this: rightid="C=fr, ST=ile-de-france, L=paris, O=toto,
> > CN=user01desuri.....
> >
> > if I put: rightcert=user01desuri.crt -----------> it does not work!
> > if I put: rightcert=%cert---------------------------> it does not work!
> >
> > the error message is:
> > ....
> > 108 "testvpnda" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> > 010 "testvpnda" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
> > 003 "testvpnda" #1: we require peer to have ID '195.212.109.202', but
> > peer declares 'C=fr, ST=ile-de-france, L=paris, O=toto,
> > CN=user01desuri.......
> > 218 "testvpnda" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
>
> Do you have:
> leftrsasigkey=%cert
> rightrsasigkey=%cert
>
> in your conn or default section?
>
> Paul
>
That is what I have:
--------------------------------
config setup
        klipsdebug=none
        plutodebug=none
        crlcheckinterval=600

conn %default
        keyingtries=0
        authby=rsasig

conn testvpnda
        left=195.212.109.203
        leftcert=user02desuri.crt
        right=195.212.109.202
        rightid="C=fr, ST=ile-de-france, L=paris, O=toto, CN=user01desuri......
        auto=add
--------------------------------
And on the target end:
-----------------------------
.....
conn testvpnda
        left=195.212.109.202
        leftcert=user01desuri.crt
        right=%any
        auto=add
--------------------------------
Should I have to change anything?
david
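
The check below is an added example, not part of the original post or of Openswan. It computes which ID pluto will require from each end of a conn and pulls the two IDs out of the mismatch log line quoted above. It assumes pluto's ID defaults (explicit id, then the certificate's subject DN, then the address); the function names, the shortened DN and the sample inputs are constructed.

```python
import re

# Constructed sample: the initiator's config from the post with rightid
# removed, which reproduces the failing case (peer ID falls back to the IP).
SAMPLE_CONF = """\
conn %default
    keyingtries=0
    authby=rsasig

conn testvpnda
    left=195.212.109.203
    leftcert=user02desuri.crt
    right=195.212.109.202
    auto=add
"""

# Constructed pluto log line in the format shown in the post (DN is a placeholder).
SAMPLE_LOG = ('003 "testvpnda" #1: we require peer to have ID '
              "'195.212.109.202', but peer declares "
              "'C=fr, ST=ile-de-france, L=paris, O=toto, CN=example'")

def parse_conns(text):
    """Return {conn_name: {key: value}} with conn %default merged in."""
    conns, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():              # section header, e.g. "conn x"
            kind, _, name = line.strip().partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    default = conns.pop("%default", {})
    return {name: {**default, **opts} for name, opts in conns.items()}

def expected_id(opts, side):
    """ID required from `side` (assumed defaults): id, else cert DN, else address."""
    if side + "id" in opts:
        return opts[side + "id"]
    if side + "cert" in opts:
        return "<subject DN of %s>" % opts[side + "cert"]
    return opts.get(side)

def id_mismatch(log_line):
    """Extract (conn, required_id, declared_id) from a pluto ID-mismatch line."""
    m = re.search(r'"([^"]+)" #\d+: we require peer to have ID \'(.*?)\', '
                  r"but peer declares '(.*)'", log_line)
    return m.groups() if m else None
```

When `expected_id(conn, "right")` returns a bare address while the peer authenticates with a certificate, the peer's declared DN will not match and negotiation ends with the INVALID_ID_INFORMATION shown in the log.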