[Openswan Users] Creating Win XP vpn connection

peters at exemplar-associates.com peters at exemplar-associates.com
Thu Apr 27 11:41:40 CEST 2006


On Wednesday, 26 April 2006 18:43:26, Paul Wouters wrote:

> On Wed, 26 Apr 2006, peters@exemplar-associates.com wrote:
>
> > I am working on two issues with establishing the ipsec connection
> >
> > 1. "no suitable connection for peer" error.
> > 2. the ipsec.secrets file is not working.
>
> 1 might be caused by 2.
>
> > Xray:~$ sudo ipsec secrets
> > Enter secret:
> > 040 need passphrase for '/etc/ipsec.d/private/xray.exemplarassociates.key'
> > 004 valid passphrase, private key loaded successfully
>
>
> So that reads in the key, but did the corresponding public key and certificate
> load?

I don't think they did, those are the only 2 messages.

> > ipsec auto --listall
> > only shows the CA and 2 revoked certificates which is odd.
>
> That still makes sense if your gateway's configured public cert has expired
> or was revoked in a CRL you load. Do you have a leftcert= that loads the
> gateway's certificate that corresponds to the private key you are loading?

There is no leftcert= in the ipsec.conf. What should this entry
look like? Should it contain the full path to the .pem file?

The ipsec.secrets has one line:

: RSA /etc/ipsec.d/private/xray.exemplarassociates.key %prompt


> > Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]
> > ipsec showhostkey: no default key in "/etc/ipsec.secrets"
>
> That's fine, since you use X.509, not raw RSA.

Ok, that's good to know.

Regards,
Peter
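
Added example (not part of the original message and not Openswan code): a small check for the situation discussed above, where ipsec.secrets names an X.509 private key file but no conn in ipsec.conf loads a certificate with leftcert=. The conn name, its settings and the GATEWAY-CERT.pem file name are hypothetical placeholders, and also= includes are not followed.

```python
import re

# Constructed samples. SECRETS is the one-line ipsec.secrets quoted in the message;
# the conn name, its settings and GATEWAY-CERT.pem are hypothetical placeholders.
SECRETS = ": RSA /etc/ipsec.d/private/xray.exemplarassociates.key %prompt\n"
CONF_BEFORE = """\
conn xp-client
    left=%defaultroute
    right=%any
    auto=add
"""
# A relative leftcert= name is looked up in /etc/ipsec.d/certs/; a full path also works.
CONF_AFTER = CONF_BEFORE + "    leftcert=GATEWAY-CERT.pem\n"

def x509_key_files(secrets_text):
    """Key files named by ': RSA <file> [passphrase]' entries (raw ': RSA {' keys are skipped)."""
    files = []
    for line in secrets_text.splitlines():
        m = re.match(r'[^:#]*:\s*RSA\s+"?([^\s"{]+)', line)
        if m:
            files.append(m.group(1))
    return files

def parse_conns(conf_text):
    """Map each 'conn <name>' section to its indented key=value settings."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new section
            words = line.split()
            is_conn = words[0] == "conn" and len(words) > 1
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def conns_missing_cert(conf_text, secrets_text):
    """Conns with no leftcert=/rightcert= although ipsec.secrets holds an X.509 key."""
    if not x509_key_files(secrets_text):
        return []
    conns = parse_conns(conf_text)
    default = conns.pop("%default", {})    # conn %default settings are inherited
    return sorted(name for name, kv in conns.items()
                  if not {"leftcert", "rightcert"} & {**default, **kv}.keys())
```

Both leftcert= and rightcert= are accepted because either side of an Openswan conn can be the local gateway.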


