[Openswan Users] X.509 and PLAIN mixed possible???
Drees Stefan
s_drees at c-c.de
Thu Sep 29 18:21:21 CEST 2005
Hello,
I hope someone can help me.
Some of our customers are using openswan with plain RSA keys, about 8 office connections.
Now our customer wants to connect some roadwarriors with certificates using the NCP VPN-Client.
I created a RootCA and certificates. The connection is built up successfully, but I got many error messages
because I had two ": RSA ..." entries in ipsec.secrets. One using a plain RSA key and one using an RSA certificate.
I don't want to reconfigure all VPN connections, so I thought I could use IDs to make the connections
unique. I want to make one entry for every roadwarrior connection in ipsec.secrets:
    <DN1>: RSA vpngw.pem <passphrase>
    <DN2>: RSA vpngw.pem <passphrase>
    <DN3>: RSA vpngw.pem <passphrase>
But it doesn't work. Whatever I insert in ipsec.secrets (correct or wrong DN), the connection is running.
Can someone tell me why using different IDs (DN) in ipsec.secrets doesn't work?
ipsec.conf

conn ncp
    left=x.x.x.x
    leftsubnet=10.1.1.0/24
    leftrsasigkey=%cert
    leftnexthop=%defaultroute
    leftcert=vpngw.pem
    right=%any
    rightsubnet=10.1.1.2/32
    rightrsasigkey=%cert
    authby=rsasig
    auto=add
    keyingtries=0
    pfs=yes

ipsec.secrets

    C=DE,....OU=VPN,....: RSA vpngw.key <passphrase>

Thanks in advance.
Stefan Drees
Computer & Communication GmbH
Gewerbepark 16
59069 Hamm
Tel.: +49 2385 922040
Fax.: +49 2385 9220400