[Openswan Users] Accepting any certificate signed by same
authority
Andy
fs at globalnetit.com
Fri Feb 24 16:27:04 CET 2006
On Fri, 2006-02-24 at 15:01 -0500, Christian Brechbühler wrote:
> However when I leave out "rightcert=vpn.pem" the client (left=lithium)
> will no longer connect to the gateway (right=vpn). It says that "we
> require peer to have ID '6.6.6.6'". How can I NOT require that?
>
Use "rightid", not rightcert. Set the ID to match what the other end
sends - looking back at your earlier message that will be
rightid="C=US, ST=Massachusetts, L=Boston, O=E, CN=vpn, E=brechbuehler at gmail.com"
> Do I have a configuration mistake?
Yes. :)
> Or do I need to upgrade? I'm running openswan 2.4.4 on kernel 2.6.9-1.11_FC2.
Old kernel, may give you trouble later. But fix this IKE identity
exchange issue first.
--
Andy <fs at globalnetit.com>
More information about the Users
mailing list