[Openswan Users] Re: Hi, one minor problem
Paul Wouters
paul at xelerance.com
Tue Feb 28 07:06:07 CET 2006
On Tue, 28 Feb 2006, utkarsh shah wrote:
> thanks, but still doesn't work :(
>
> as you suggested i tried and placed leftid=@server and rightid=@client
> but still it gives same thing
>
> error
> 023 authentication method disagrees with "test2", which is also for
> an unspecified peer
> 037 attempt to load incomplete connection
strange
> conn test
> left=181.7.7.254
Can you try putting the X.509 RDN as the id? E.g. the "subject" of the
certificate (can be seen with openssl x509 -in /etc/ipsec.d/Default.pem -subject -noout)
I would also change the "/" for "," and leave out the first "/". And use E= instead of
emailAddress. E.g. in my case:
# openssl x509 -in neweastCert.pem -subject -noout
subject= /C=CA/ST=Ontario/O=Xelerance/OU=Support Staff/CN=neweast.xelerance.com/emailAddress=neweast at xelerance.com
Then use a leftid="C=CA, ST=Ontario, O=Xelerance, OU=Support Staff, CN=neweast.xelerance.com, E=neweast at xelerance.com"
Leave out a rightid= statement here.
Paul
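
The conversion described in the reply above, written as a small shell helper. This is an added example, not part of the original message or of Openswan. The function names `subject_to_dn` and `leftid_line` are hypothetical and the sample subject is constructed. It goes beyond the message by also accepting the `C = CA, ST = ...` layout that newer OpenSSL releases print by default.

```shell
#!/bin/sh
# Added example: turn the line printed by
#   openssl x509 -in cert.pem -subject -noout
# into a DN string usable as an Openswan leftid= value.

subject_to_dn() {
    # $1: the full "subject=..." line as printed by openssl
    s=${1#subject=}
    s=$(printf '%s' "$s" | sed 's/^[[:space:]]*//')
    case $s in
        /*)
            # Legacy layout: /C=CA/ST=Ontario/...
            # Drop the first "/", then turn each "/" that starts a new
            # attribute (NAME= or OID=) into ", ". A "/" inside a value
            # is left alone because no "NAME=" follows it.
            printf '%s\n' "$s" | sed \
                -e 's|^/||' \
                -e 's|/\([A-Za-z0-9.][A-Za-z0-9.]*=\)|, \1|g' \
                -e 's/^emailAddress=/E=/' \
                -e 's/, emailAddress=/, E=/g'
            ;;
        *)
            # Newer layout: C = CA, ST = Ontario, ...
            # Only the spaces around "=" and the attribute name change.
            printf '%s\n' "$s" | sed \
                -e 's/ = /=/g' \
                -e 's/^emailAddress=/E=/' \
                -e 's/, emailAddress=/, E=/g'
            ;;
    esac
}

leftid_line() {
    # Emit the line to paste into the conn section of ipsec.conf.
    printf '    leftid="%s"\n' "$(subject_to_dn "$1")"
}

# Constructed sample subject (not taken from a real certificate).
sample='subject= /C=CA/ST=Ontario/O=Example Org/OU=Support Staff/CN=gw.example.com/emailAddress=admin@example.com'
leftid_line "$sample"
```

Compare the result against the certificate subject before loading the connection: the ID has to match the subject field for field, so a dropped separator or a leftover `emailAddress=` makes the two ends disagree.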