[Openswan Users] why does openswan complain INVALID_ID_INFORMATION? Resolved

sean dai sean_dai at yahoo.com
Sun Apr 30 19:12:41 CEST 2006


"Paul" wrote:

> You don't need to put in the rightid, it will come
from the certificate.

The problem was caused by the mismatch between the
rightid in isec.conf and the id the west received from
the peer. In west's ipsec.conf, I specified: 

rightid="C=ca, ST=ontario, O=xelerance, L=toronto,
OU=support staff, CN=east, e=east at xelerance.com"

The id from the east was:
"C=ca, ST=ontario, O=xelerance, OU=support staff,
CN=east, e=east at xelerance.com"

Either I remove rightid from ipsec.conf, as Paul
suggested, or I correct rightid to match with what the
east sends over, the ipsec connection will be
established successfully.  Thanks, Paul.

/sean


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the Users mailing list