[Openswan Users] PSK works, certificates not
Paul Wouters
paul at xelerance.com
Tue Jul 17 13:19:54 EDT 2007
On Tue, 17 Jul 2007, Arno Lehmann wrote:
> authby=rsasig
> A few steps into the conversation, I get the following messages:
> (shortened for better readability)
> > Jul 17 11:25:42 balrog pluto[20631]: | started looking for secret for C=DE, L=...->192.168.0.88 of kind PPK_PSK
> > Jul 17 11:25:42 balrog pluto[20631]: | instantiating him to 0.0.0.0
> > Jul 17 11:25:42 balrog pluto[20631]: | actually looking for secret for C=DE, L=...->0.0.0.0 of kind PPK_PSK
> > Jul 17 11:25:42 balrog pluto[20631]: | 1: compared PSK 0.0.0.0 to C=DE, L=... / 192.168.0.88 -> 2
> > Jul 17 11:25:42 balrog pluto[20631]: | 2: compared PSK 192.168.37.1 to C=DE, L=... / 192.168.0.88 -> 2
> > Jul 17 11:25:42 balrog pluto[20631]: | 1: compared PSK 0.0.0.0 to C=DE, L=... / 192.168.0.88 -> 2
> > Jul 17 11:25:42 balrog pluto[20631]: | 2: compared PSK 192.168.0.22 to C=DE, L=... / 192.168.0.88 -> 2
> > Jul 17 11:25:42 balrog pluto[20631]: | concluding with best_match=0 best=(nil) (lineno=-1)
>
> Do I read this correctly that pluto does *NOT* find a secret for its own
> certificate?
Yes, it does not find a PSK because you are using RSASIG.
> From the README.x509 file, I concluded that I would not need a
> leftid= line in ipsec.conf because the DNs would be used for matching.
Yes.
Paul