[Openswan Users] Stuck with rekeying problem, initiated QM from Openswan
Jacco de Leeuw
jacco2 at dds.nl
Sun May 22 01:29:40 CEST 2005
Steffen Becker wrote:
> I would but I'm unable to patch IPCop myself in an appropriate way.....
> Maybe someone knows how to do that?

In that case it is probably better to leave it up to the IPCop people.

I assume that you have used the following Howto?

http://www.elminster.com/xoops/modules/phpwiki/index.php/IpcopL2tpRemoteAccessServer

In that case your ipsec.conf probably looks like this:

conn RoadWarriorX509
        left=xxx.xxx.xxx.xxx
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        leftcert=/var/ipcop/certs/hostcert.pem
        right=%any
        rightrsasigkey=%cert
        rightprotoport=17/1701
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        authby=rsasig
        pfs=no
        auto=add

The DPD lines won't have any effect because Windows does not support
IPsec Dead Peer Detection.

I assume the root certificate has been created in /var/ipcop/ca/cacert.pem?
Do you see Openswan pick it up? Did you have to copy it to
/etc/ipsec.d/cacerts? What if you add rightca=%same?

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl