[Openswan Users] Openswan on Fedora 9
Marek Greško
gresko at thr.sk
Tue May 20 03:19:41 EDT 2008
Dňa Po 19. Máj 2008 ste napísali:
> On Sun, 18 May 2008, Michael H. Warfield wrote:
> > > I found some interesting things. Upgrade to Fedora 9 rewritten
> > > the /etc/ipsec.conf file. But after restoring it still does not accept
> > > connections containing defaultorute in any left, right, or any nexthop
> > > even when the interfaces=%defaultroute is in the setup section.
> > >
> > > What could be the problem?
> >
> > Not sure about your problem or with %defaultroute but that's not the
> > only problem, I haven't been able to get it to work either and it caused
> > some serious breakage after upgrading some systems. I had to pull it
> > out entirely and downgrade to 2.4.9 from Fedora 8 (I'll trying building
> > a 2.4.12 rpm later).
> >
> > My problem is in X.509 cert handling. The problem looks like it's not
> > handling cert DNs as the Main ID.
>
> You are caught by the "refine connection" bug. Try adding rightca=%any
>
> Please also add oe=off in "config setup".
This also didn't help me. I have also the no_oe.conf from openswan-2.4, but
does not help.
M.
--
Marek Greško
More information about the Users
mailing list