[Openswan Users] Openswan on Fedora 9

Paul Wouters paul at xelerance.com
Mon May 19 17:02:19 EDT 2008


On Sun, 18 May 2008, Michael H. Warfield wrote:

> > I found some interesting things. The upgrade to Fedora 9 rewrote
> > the /etc/ipsec.conf file. But after restoring it, it still does not accept
> > connections containing defaultroute in any left, right, or any nexthop even
> > when the interfaces=%defaultroute is in the setup section.
>
> > What could be the problem?
>
> 	Not sure about your problem or with %defaultroute but that's not the
> only problem, I haven't been able to get it to work either and it caused
> some serious breakage after upgrading some systems.  I had to pull it
> out entirely and downgrade to 2.4.9 from Fedora 8 (I'll try building
> a 2.4.12 rpm later).
>
> 	My problem is in X.509 cert handling.  The problem looks like it's not
> handling cert DNs as the Main ID.

You are caught by the "refine connection" bug. Try adding rightca=%any

Please also add oe=off in "config setup".

Paul

