[Openswan Users] Openswan on Fedora 9

Paul Wouters paul at xelerance.com
Mon May 19 17:02:19 EDT 2008

On Sun, 18 May 2008, Michael H. Warfield wrote:

> > I found some interesting things. Upgrade to Fedora 9 rewritten
> > the /etc/ipsec.conf file. But after restoring it still does not accept
> > connections containing defaultorute in any left, right, or any nexthop even
> > when the interfaces=%defaultroute is in the setup section.
> > What could be the problem?
> 	Not sure about your problem or with %defaultroute but that's not the
> only problem, I haven't been able to get it to work either and it caused
> some serious breakage after upgrading some systems.  I had to pull it
> out entirely and downgrade to 2.4.9 from Fedora 8 (I'll trying building
> a 2.4.12 rpm later).
> 	My problem is in X.509 cert handling.  The problem looks like it's not
> handling cert DNs as the Main ID.

You are caught by the "refine connection" bug. Try adding rightca=%any

Please also add oe=off in "config setup".


More information about the Users mailing list