[Openswan Users] RES: Can use the character "/" in my rightid DN?
Mendes, Marco
Marco.Mendes at avocent.com
Fri Nov 24 06:52:30 EST 2006
Thanks for your response!
Actually, I could make it work by taking the rightid parameter out and
including the rightcert into the ipsec.conf. It means that I had to put
the Cisco certificate (pem format) into my Linux machine in order to
Openswan reads the Cisco ID without having to declare it with those
strange characters.
Do you guys see any security problems by putting the Cisco certificate
into my remote Linux machines?
Thanks in advance,
Marco Mendes.
-----Mensagem original-----
De: Paul Wouters [mailto:paul at xelerance.com]
Enviada em: quinta-feira, 23 de novembro de 2006 23:06
Para: Mendes, Marco
Cc: users at openswan.org
Assunto: Re: [Openswan Users] Can use the character "/" in my rightid
DN?
On Tue, 21 Nov 2006, Mendes, Marco wrote:
> I am configuring a VPN connection between a Cisco router and a Linux
> Machine running Openswan.
>
> Everything was working fine until I had to put the original DN that
was
> primarily configured in the Cisco router:
>
> C=BR, ST=Brazil, O=Teste Brasileiro S/A,
> OU=Saneamento&Eletricidade/GN/TBOM, CN=CISCO
>
> As you can see, there are some "dashes" in the O and OU fields that I
> supposed are being interpreted as commas.
That, and the "&" symbol is going to cause problems.
> My question is: Is there any way to keep those dashes in the
respective
> fields? My problem is that the Cisco router is already configured and
> has a lot of other Cisco peers, meaning that would be a pain to
> reconfigure the CA without these characters and the entire network.
You can try masking them using a \, I don't know if that will work. But
you
are really better of re-doing the CA. This is going to bite you again
and again in the future.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list