[Openswan Users] Can use the character "/" in my rightid DN?
Mendes, Marco
Marco.Mendes at avocent.com
Tue Nov 21 18:35:08 EST 2006
Hello all,
I am configuring a VPN connection between a Cisco router and a Linux
machine running Openswan.
Everything was working fine until I had to put the original DN that was
primarily configured in the Cisco router:
C=BR, ST=Brazil, O=Teste Brasileiro S/A,
OU=Saneamento&Eletricidade/GN/TBOM, CN=CISCO
As you can see, there are some "dashes" in the O and OU fields that I
suppose are being interpreted as commas.
My question is: Is there any way to keep those dashes in the respective
fields? My problem is that the Cisco router is already configured and
has a lot of other Cisco peers, meaning that it would be a pain to
reconfigure the CA without these characters and the entire network.
Here is my ipsec.conf:

conn test
    keyexchange=ike
    left=%defaultroute
    leftsendcert=always
    leftcert=/etc/ipsec.d/certs/client-st02-cert.pem
    leftsubnet=X.X.X.X/32
    leftsourceip=X.X.X.X
    right=200.230.X.X
    rightid="C=BR, ST=Brazil, O=Teste Brasileiro S/A, OU=Saneamento&Eletricidade/GN/TBOM, CN=CISCO"
    rightca=%same
    rightsubnet=X.0.0.0/8
    rightrsasigkey=%cert
    pfs=no
    ikelifetime=300s
    rekeymargin=9s
    rekeyfuzz=0%
    keylife=120s
    esp=3des-md5-96
    keyingtries=0
    auto=start

Openswan does not accept the rightid configuration, and I think the
reason is the dashes in the middle of the fields "O" and
"OU".
Any help would be helpful.
Thanks,
Marco Mendes