[Openswan Users] Re: Hi, one minor problem

Paul Wouters paul at xelerance.com
Tue Feb 28 07:06:07 CET 2006


On Tue, 28 Feb 2006, utkarsh shah wrote:

>     thanks, but still doesn't work :(
>
>     as you suggested i tried and placed leftid=@server and rightid=@client
> but still it gives same thing
>
>     error
>         023 authentication method disagrees with "test2", which is also for
> an unspecified peer
>         037 attempt to load incomplete connection

strange

> conn test

>         left=181.7.7.254

Can you try putting the X.509 RDN as the id? E.g. the "subject" of the
certificate (can be seen with openssl x509 -in /etc/ipsec.d/Default.pem -subject -noout).
I would also change the "/" for "," and leave out the first "/". And use E= instead of
emailAddress. E.g. in my case:

# openssl x509 -in neweastCert.pem -subject -noout
subject= /C=CA/ST=Ontario/O=Xelerance/OU=Support Staff/CN=neweast.xelerance.com/emailAddress=neweast at xelerance.com

Then use a leftid="C=CA, ST=Ontario, O=Xelerance, OU=Support Staff, CN=neweast.xelerance.com, E=neweast at xelerance.com"

Leave out a rightid= statement here.

Paul
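
The subject-to-ID rewrite described in this message, as an added example that is not part of the original post: a shell helper that takes the "/"-separated subject line from openssl and prints the matching leftid= line. The function name subject_to_leftid and the sample subject are assumptions made for the example, and it refuses values containing a comma or quote rather than guessing at escaping.

```shell
#!/bin/sh
# Added example: subject_to_leftid is a hypothetical helper, not an Openswan tool.
# Input (stdin): one "/"-separated subject line as printed by
#   openssl x509 -in cert.pem -subject -noout
# (newer OpenSSL releases print this form only with -nameopt compat).
subject_to_leftid() {
    IFS= read -r line || [ -n "$line" ] || return 1
    case $line in
        subject=*) ;;
        *) echo "not a subject line" >&2; return 1 ;;
    esac
    # A comma or quote inside a value would make the rewritten DN ambiguous
    # in ipsec.conf, so refuse instead of guessing at escaping.
    case $line in
        *,*|*\"*) echo "value contains ',' or '\"'; write the ID by hand" >&2
                  return 2 ;;
    esac
    # 1. drop the "subject=" label   2. drop the first "/"
    # 3. turn each "/" that starts a new KEY= into ", " (a "/" inside a
    #    value, such as OU=R/D, is left alone; this is a heuristic)
    # 4. rename emailAddress to E
    dn=$(printf '%s\n' "$line" | sed \
        -e 's/^subject= *//' \
        -e 's|^/||' \
        -e 's|/\([A-Za-z0-9.]\{1,\}=\)|, \1|g' \
        -e 's/^emailAddress=/E=/' \
        -e 's/, emailAddress=/, E=/g')
    [ -n "$dn" ] || return 1
    printf 'leftid="%s"\n' "$dn"
}

# Constructed sample subject (not taken from a real certificate).
SAMPLE='subject= /C=CA/ST=Ontario/O=Example Org/OU=Support Staff/CN=gw.example.com/emailAddress=gw@example.com'
printf '%s\n' "$SAMPLE" | subject_to_leftid
```

Compare the printed ID with the subject of the certificate loaded for that end of the connection before pasting it into the conn section.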

