roman roman at spreeweb.de
Fri Feb 15 14:28:24 EST 2008

Hello Group,


I wasted 2 days for diagnosing an almost simple issue in FreeSWan 1.99

I had to create a new root CA because the old one got expired and there was
no source for obtaining the old password..., I created a new root CA and new
Certs and everything seems to be ok. Unfortunately the certs did not load in
the first attempt, but moving them to the /etc/ipsec.d cured the problem.
Certs were loading fine, but connection was defferred.
AUTHENTICATION_FAILED. I did some testing and googling on the subject, but
no success. In the end ipsec auto -listall was leading to the source of
trouble.  My new CA had the same CN as one of the old ones. I know this is
mentioned in Pauls book, but never crossed that before.


@Paul: can you incorporate one or two lines of code giving a hint that 2
identical CNs are loaded? At start the program reads all CAs and they remain
in RAM, regardless of starting and stopping tunnels which use the respective
CAs. Only ipsec restart seems to erase references to already deleted CAs in






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080215/977351fe/attachment.html 

More information about the Users mailing list