[Openswan Users] Accepting any certificate signed by same authority

Andy fs at globalnetit.com
Fri Feb 24 16:27:04 CET 2006


On Fri, 2006-02-24 at 15:01 -0500, Christian Brechbühler wrote:

> However when I leave out "rightcert=vpn.pem" the client (left=lithium)
> will no longer connect to the gateway (right=vpn).  It says that "we
> require peer to have ID '6.6.6.6'".  How can I NOT require that?
> 
Use "rightid", not rightcert. Set the ID to match what the other end
sends - looking back at your earlier message that will be

  rightid="C=US, ST=Massachusetts, L=Boston, O=E, CN=vpn, E=brechbuehler at gmail.com"


> Do I have a configuration mistake?
Yes. :)

> Or do I need to upgrade?  I'm running openswan 2.4.4 on kernel  2.6.9-1.11_FC2.
Old kernel, may give you trouble later. But fix this IKE identity
exchange issue first.


-- 
Andy <fs at globalnetit.com>



More information about the Users mailing list