[Openswan Users] L2TP/IPsec X.509 and Dynamic RSA?
Paul Wouters
paul at xelerance.com
Fri Nov 17 11:26:39 EST 2006
On Fri, 17 Nov 2006, Peter McGill wrote:
> Alright, my connection works without the L2TP/IPSec X.509 stuff.
> But when I add that stuff, and restart both sides, it stops working, details
> follow.
> conn mcgill-home-net-to-london-office-net
> conn mcgill-home-net-to-london-office-server
> conn remote-client-to-london-office-server
> ipsec.secrets:
> # sheridan's RSA
> 66.11.74.93 @sheridan.london.goco.net
> 69.159.228.59 @delenn.stmarys.goco.net
> 209.162.226.246 @sinclair.paris.goco.net
> 69.63.33.181 @franklin.thorndale.goco.net
> @newton.mcgill.stmarys.on.ca
> : RSA {
> removed
> ...
> }
>
> # sheridan's Certificate
> 66.11.74.93 @sheridan.london.goco.net
> %any
> : RSA /etc/ipsec.d/private/sheridan-private.key
Can you try only putting sheridan's "id" into the raw RSA key line
as identifier, and then not put the "@sheridan.london.goco.net" in
the key file identifier? Right now, "@sheridan.london.goco.net"
appears for both RSA keys, so pluto can pick the wrong one.
Paul
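
A check for the overlap described in the reply, as an added example (not from the thread or from the Openswan project): it lists every identifier that indexes more than one RSA entry in an ipsec.secrets file. The token-based parser is a simplification of the file grammar, and the sample's layout is an assumption built from the quoted excerpt.

```python
import re
from collections import defaultdict

# Constructed sample: identifiers from the quoted excerpt, layout assumed, key removed.
SAMPLE = """\
# sheridan's RSA
66.11.74.93 @sheridan.london.goco.net @newton.mcgill.stmarys.on.ca
  : RSA {
  }
# sheridan's Certificate
66.11.74.93 @sheridan.london.goco.net %any
  : RSA /etc/ipsec.d/private/sheridan-private.key
"""

def parse_entries(text):
    """Return [(indices, kind, secret_label)] using a simplified secrets grammar."""
    text = re.sub(r"(?m)(^|\s)#.*$", " ", text)           # strip comments
    tokens = re.findall(r'"[^"]*"|[{}]|[^\s{}]+', text)
    entries, i = [], 0
    while i < len(tokens):
        indices = []
        while i < len(tokens) and tokens[i] != ":":       # index list before ':'
            indices.append(tokens[i])
            i += 1
        if i + 2 >= len(tokens):                          # truncated entry
            break
        kind, i = tokens[i + 1], i + 2
        if tokens[i] == "{":                              # inline raw key body
            while i < len(tokens) and tokens[i] != "}":
                i += 1
            label = "inline key"
        else:                                             # key file or PSK string
            label = tokens[i] if kind == "RSA" else "<secret>"
        i += 1
        if kind == "RSA" and i < len(tokens) and tokens[i].startswith('"'):
            i += 1                                        # optional key passphrase
        entries.append((indices, kind, label))
    return entries

def shared_rsa_ids(text):
    """Map each index listed on more than one RSA entry to those entries' labels."""
    seen = defaultdict(list)
    for indices, kind, label in parse_entries(text):
        if kind == "RSA":
            for idx in set(indices) - {"%any"}:           # wildcard is not an id
                seen[idx].append(label)
    return {idx: labels for idx, labels in seen.items() if len(labels) > 1}

if __name__ == "__main__":
    print(shared_rsa_ids(SAMPLE))
```

An empty result means no identifier is listed on two RSA entries.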