[Openswan Users] Stuck with rekeying problem, initiated QM from Openswan

Jacco de Leeuw jacco2 at dds.nl
Sun May 22 01:29:40 CEST 2005


Steffen Becker wrote:

> I would but I'm unable to patch IPCop myself in an appropriate way.....
> Maybe someone knows how to do that?

In that case it is probably better to leave it up to the IPCop people.

I assume that you have used the following Howto?
http://www.elminster.com/xoops/modules/phpwiki/index.php/IpcopL2tpRemoteAccessServer
In that case your ipsec.conf probably looks like this:

conn RoadWarriorX509
      left=xxx.xxx.xxx.xxx
      leftnexthop=%defaultroute
      leftprotoport=17/1701
      leftcert=/var/ipcop/certs/hostcert.pem
      right=%any
      rightrsasigkey=%cert
      rightprotoport=17/1701
      dpddelay=30
      dpdtimeout=120
      dpdaction=clear
      authby=rsasig
      pfs=no
      auto=add

The DPD lines won't have any effect because Windows does not support
IPsec Dead Peer Detection.

I assume the root certificate has been created in /var/ipcop/ca/cacert.pem?
Do you see Openswan pick it up? Did you have to copy it to
/etc/ipsec.d/cacerts? What if you add rightca=%same?

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
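
The two points raised in the message (DPD options that do nothing against Windows peers, and no rightca on a certificate-authenticated conn) can be checked mechanically. The following is an added example, not part of the original message and not Openswan or IPCop code: a simplified ipsec.conf reader whose function names are hypothetical, and which assumes that peers on a 17/1701 conn are Windows L2TP clients.

```python
# Added example (not from the original message): simplified ipsec.conf lint.
# Constructed sample input: the conn section quoted in the message.
SAMPLE = """\
conn RoadWarriorX509
      left=xxx.xxx.xxx.xxx
      leftnexthop=%defaultroute
      leftprotoport=17/1701
      leftcert=/var/ipcop/certs/hostcert.pem
      right=%any
      rightrsasigkey=%cert
      rightprotoport=17/1701
      dpddelay=30
      dpdtimeout=120
      dpdaction=clear
      authby=rsasig
      pfs=no
      auto=add
"""

def parse_conns(text):
    """Return {conn name: {option: value}}; blank and '#' lines are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not raw[0].isspace():            # unindented line starts a new section
            parts = stripped.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in stripped:
            key, value = stripped.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def lint(text):
    """Flag the two points raised in the message for L2TP/IPsec conns."""
    findings = []
    for name, opts in parse_conns(text).items():
        # Assumption: peers on a 17/1701 (L2TP) conn are Windows clients.
        l2tp = "17/1701" in (opts.get("leftprotoport"), opts.get("rightprotoport"))
        dpd = sorted(k for k in opts if k.startswith("dpd"))
        if l2tp and dpd:
            findings.append(f"{name}: {', '.join(dpd)} have no effect (Windows peer, no DPD)")
        if opts.get("rightrsasigkey") == "%cert" and "rightca" not in opts:
            findings.append(f"{name}: rightca not set (message suggests rightca=%same)")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```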

