[Openswan Users] Re: Hi, one minor problem

utkarsh shah utkarsh at elitecore.com
Tue Feb 28 15:04:16 CET 2006


Hi,

    one good news..... i changed authby="secret|rsasig" for both connection
then both connection got activated .... and now checking for
connectivity.... hope for best

    can u tell me why and how it happed....so i can understand its
fundamentals...

thanks

Regards,

Utkarsh Shah
----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "utkarsh shah" <utkarsh at elitecore.com>
Cc: <users at openswan.org>
Sent: Tuesday, February 28, 2006 11:36 AM
Subject: Re: Hi, one minor problem


>
> On Tue, 28 Feb 2006, utkarsh shah wrote:
>
> >     thanks, but still doesn't work :(
> >
> >     as you suggested i tried and placed leftid=@server and
rightid=@client
> > but still it gives same thing
> >
> >     error
> >         023 authentication method disagrees with "test2", which is also
for
> > an unspecified peer
> >         037 attempt to load incomplete connection
>
> strange
>
> > conn test
>
> >         left=181.7.7.254
>
> Can you try putting the X.509 RDN as the id? eg the "subject" of the
> certificate (can be seen with openssl x509 -in
/etc/ipsec.d/Default.pem -subject -noout)
> I would also change the "/" for "," and leave out the first "/". And use
E= instead of
> emailAddress. eg in my case:
>
> # openssl x509 -in neweastCert.pem -subject -noout
> subject= /C=CA/ST=Ontario/O=Xelerance/OU=Support
Staff/CN=neweast.xelerance.com/emailAddress=neweast at xelerance.com
>
> Then use a leftid="C=CA, ST=Ontario, O=Xelerance, OU=Support Staff,
CN=neweast.xelerance.com E=neweast at xelerance.com"
>
> Leave out a rightid= statement here.
>
> Paul
>




More information about the Users mailing list