[Openswan Users] Openswan <-> WinXp with L2TP and X.509 behind NATs not working

Paul Wouters paul at xelerance.com
Sat Nov 18 21:19:12 EST 2006


On Sat, 18 Nov 2006, Florian Hackenberger wrote:

> I've got a problem with the following setup:
>
> WinXP (192.168.0.37) -> 192.168.0.254 -> (88.117.175.26) INTERNET
> (84.115.131.198) <- 192.168.1.1 <- Linux (192.168.1.158)

> What puzzles me a bit is the following line:
> started looking for secret for C=AT, ST=Steiermark, L=Graz, O=Home, CN=Florian
> Hackenberger, E=f.hackenberger at chello.at->88.117.175.26 of kind PPK_PSK
>
> Why PPK_PSK? Is this a typo in the code or is it really looking for a PSK?
> However one of the next lines indicates an error (at least to me):
> concluding with best_match=0 best=(nil) (lineno=-1)

Do not enable plutodebug= for configuration issues.

> One of my guesses is that pluto either does not know about my CA (I have not
> found a configuration option for specifying a CA certificate), or tries PSK
> instead of X.509 authentication (no idea why it does so).

Run ipsec auto --listall to look at the certificate, CA and private key
status.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

