[Openswan Users] oakley.log for letoto
James
james at nttmcl.com
Fri Jun 1 20:19:29 EDT 2007
James wrote:
> Jacco de Leeuw wrote:
>
>>> This is my new config:
>>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:xxx.xxx.xxx.192/27
>>>
>>>
>> Your internal subnet has to be excluded, not included.
>> I.e. %v4:!xxx.xxx.xxx.192/27
>>
>>
>>> conn roadwarrior-l2tp-old
>>>
>> Drop this section and tell clients to install SP2 or the NAT-T update.
>>
>>
>>> Still the same problems
>>> Oakley log looks pretty much the same
>>>
>> Your Openswan log will be much more interesting.
>>
>> Jacco
>>
> I did as you recommended and removed the l2tp-old and my subnet from
> the virtual_private parameter, but everything looks the same.
>
Oh, also, on the Windows side the built-in XP client says
"no valid machine certificate on your computer for security authentication".
I used certimport.exe to import the .p12 file.
My exact steps are as follows:
/usr/lib/ssl/misc/CA.sh -newreq
This generates newkey.pem and newreq.pem,
so I do this:
cat newkey.pem newreq.pem > new.pem
mv new.pem newreq.pem
/usr/lib/ssl/misc/CA.sh -sign
This results in newcert.pem.
openssl pkcs12 -export -inkey newreq.pem -in newcert.pem -certfile demoCA/cacert.pem -out client.p12
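The include-versus-exclude point from the quoted reply above (the internal subnet belongs in virtual_private with a leading "!"), as an added example that is not part of the original thread and not Openswan's code. It assumes a simplified acceptance model (a client subnet is accepted when it lies inside an included network and inside no excluded one); the function names are hypothetical and 198.51.100.192/27 is a constructed stand-in for the redacted subnet.

```python
import ipaddress

# Constructed values: 198.51.100.192/27 stands in for the redacted internal subnet.
INTERNAL = "198.51.100.192/27"
RFC1918 = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
BEFORE = RFC1918 + ",%v4:198.51.100.192/27"    # internal subnet included
AFTER = RFC1918 + ",%v4:!198.51.100.192/27"    # internal subnet excluded


def parse_virtual_private(value):
    """Split a virtual_private= value into (included, excluded) IPv4 networks."""
    included, excluded = [], []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        family, _, net = entry.partition(":")
        if family != "%v4":
            raise ValueError(f"only %v4 entries are handled here: {entry!r}")
        if net.startswith("!"):
            excluded.append(ipaddress.ip_network(net[1:]))
        else:
            included.append(ipaddress.ip_network(net))
    return included, excluded


def client_subnet_accepted(value, client_net):
    """Simplified model: inside an included net and inside no excluded net."""
    included, excluded = parse_virtual_private(value)
    net = ipaddress.ip_network(client_net)
    return (any(net.subnet_of(n) for n in included)
            and not any(net.subnet_of(n) for n in excluded))


def lint_internal_subnet(value, internal_net):
    """Warn when the gateway's own internal subnet can be claimed by a client."""
    included, excluded = parse_virtual_private(value)
    internal = ipaddress.ip_network(internal_net)
    if any(internal.subnet_of(n) for n in excluded):
        return []
    if any(internal.overlaps(n) for n in included):
        return [f"{internal} is accepted as a client subnet; add %v4:!{internal}"]
    return []


if __name__ == "__main__":
    for name, value in (("before", BEFORE), ("after", AFTER)):
        print(name, client_subnet_accepted(value, "198.51.100.200/32"),
              lint_internal_subnet(value, INTERNAL))
```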