[Openswan Users] RES: Can use the character "/" in my rightid DN?

Mendes, Marco Marco.Mendes at avocent.com
Fri Nov 24 06:52:30 EST 2006

Thanks for your response!

Actually, I could make it work by taking the rightid parameter out and
including the rightcert in the ipsec.conf. It means that I had to put
the Cisco certificate (PEM format) onto my Linux machine so that
Openswan reads the Cisco ID without my having to declare it with those
strange characters.
Do you guys see any security problems with putting the Cisco certificate
onto my remote Linux machines?

Thanks in advance,

Marco Mendes. 


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, November 23, 2006 23:06
To: Mendes, Marco
Cc: users at openswan.org
Subject: Re: [Openswan Users] Can use the character "/" in my rightid

On Tue, 21 Nov 2006, Mendes, Marco wrote:

> I am configuring a VPN connection between a Cisco router and a Linux
> Machine running Openswan.
> Everything was working fine until I had to put the original DN that
> was primarily configured in the Cisco router:
> C=BR, ST=Brazil, O=Teste Brasileiro S/A,
> OU=Saneamento&Eletricidade/GN/TBOM, CN=CISCO
> As you can see, there are some "dashes" in the O and OU fields that I
> suppose are being interpreted as commas.

That, and the "&" symbol is going to cause problems.

> My question is: Is there any way to keep those dashes in the
> fields? My problem is that the Cisco router is already configured and
> has a lot of other Cisco peers, meaning that it would be a pain to
> reconfigure the CA without these characters and the entire network.

You can try masking them using a \, I don't know if that will work. But
you are really better off re-doing the CA. This is going to bite you again
and again in the future.

Building and integrating Virtual Private Networks with Openswan:
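
An added example, not part of the original messages and not Openswan code: a small check a CA operator could run on a subject DN before issuing, using the DN quoted in the thread. It assumes, as the original question supposes, a simplified ID-string parser that treats "/" as a component separator in addition to ","; the function names and the TROUBLE set are hypothetical.

```python
# Constructed from the DN quoted in the thread (wrapped lines joined).
THREAD_DN = ("C=BR, ST=Brazil, O=Teste Brasileiro S/A, "
             "OU=Saneamento&Eletricidade/GN/TBOM, CN=CISCO")

# Characters the thread names as troublesome in an ID string (assumption:
# this set is taken from the discussion, not from any parser's source).
TROUBLE = "/&"


def split_components(dn, separators):
    """Split a DN string on every character listed in `separators`."""
    parts, current = [], []
    for ch in dn:
        if ch in separators:
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return [p for p in parts if p]


def orphans(parts):
    """Components without a type=value shape: fragments of a broken value."""
    return [p for p in parts if "=" not in p]


def lint_dn(dn):
    """Map attribute type -> troublesome characters found in its value."""
    findings = {}
    for part in split_components(dn, ","):
        attr, _, value = part.partition("=")
        hits = sorted(set(value) & set(TROUBLE))
        if hits:
            findings[attr.strip()] = hits
    return findings


if __name__ == "__main__":
    # Comma-only split: the five components the CA intended.
    print(split_components(THREAD_DN, ","))
    # Modelled "/"-as-separator split: values break into orphan fragments.
    print(orphans(split_components(THREAD_DN, ",/")))
    # Pre-issuance lint: which attributes would need renaming.
    print(lint_dn(THREAD_DN))
```
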
