[Openswan Users] Can openswan one-way certification !

chenyq chenyq at mail.si.net.cn
Wed Apr 1 21:48:41 EDT 2009


I come from China; my English is very poor, and I need someone to help me! I just want one-way certification, thank you!
Now let's begin.

Topology

                 gw-left(eth0)-------(eth1)route(eth0)---------(eth0)gw-right

gw-left: eth0 192.168.1.2 
route   : eth0 192.168.2.1 eth1 192.168.1.1
gw-right: eth0 192.168.2.2

my ipsec.conf config:

gw-right:
conn %default
        authby=rsasig
        compress=yes
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        keyingtries=1
        disablearrivalcheck=no
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
# sample VPN connections, see /etc/ipsec.d/examples/
conn x509
        left=192.168.1.2
        leftsubnet=10.0.0.0/8
        leftcert=left.pem
        leftnexthop=%defaultroute
        right=192.168.2.2
        rightsubnet=172.16.1.0/24
        rightid=192.168.2.2
        #rightcert=right.pem
        rightnexthop=%defaultroute
        pfs=no
        auto=add

gw-left:
conn %default
        authby=rsasig
        compress=yes
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        keyingtries=1
        disablearrivalcheck=no
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
# sample VPN connections, see /etc/ipsec.d/examples/
conn x509
        left=192.168.1.2
        leftsubnet=10.0.0.0/8
        leftcert=left.pem
        leftnexthop=%defaultroute
        right=192.168.2.2
        rightid=192.168.2.2
        rightsubnet=172.16.1.0/24
        #rightcert=right.pem
        rightnexthop=%defaultroute
        pfs=no
        auto=add

 
When I send a request from gw-right, it fails!
Log:
gw-left:/etc# startipsec x509
104 "x509" #2: STATE_MAIN_I1: initiate
003 "x509" #2: received Vendor ID payload [Openswan (this version) 2.4.6  X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "x509" #2: received Vendor ID payload [Dead Peer Detection]
003 "x509" #2: received Vendor ID payload [RFC 3947] method set to=110
106 "x509" #2: STATE_MAIN_I2: sent MI2, expecting MR2
003 "x509" #2: NAT-Traversal: Result using 3: no NAT detected
108 "x509" #2: STATE_MAIN_I3: sent MI3, expecting MR3
003 "x509" #2: no RSA public key known for '192.168.2.2'
217 "x509" #2: STATE_MAIN_I3: INVALID_KEY_INFORMATION

Best regards!
2009-04-02 



Regards,

    R&D Testing: Chen Yongquan
    Fujian Strait Information Technology Co., Ltd.
    No. 108 Beihuan West Road, Fuzhou  P.C: 350003
    Tel:(0591)87303715

    http://www.si.net.cn
    http://www.heidun.net

    E-mail: chenyq at mail.si.net.cn 
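
An added example, not part of the original post and not Openswan code: a small Python check that reads an ipsec.conf, applies conn %default, and lists each rsasig side whose key is %cert but which has no certificate loaded locally, so that peer's public key can only arrive in an IKE CERT payload. The function names and the embedded sample (the gw-left config from the post, trimmed) are constructed for illustration; the parser handles only simple key=value conn sections.

```python
import re

# Constructed sample: the gw-left "conn" sections from the post, trimmed.
SAMPLE_CONF = """\
conn %default
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
conn x509
        left=192.168.1.2
        leftcert=left.pem
        right=192.168.2.2
        rightid=192.168.2.2
        #rightcert=right.pem
        auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' merged into each conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments, e.g. '#rightcert=...'
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and line[0] in " \t" and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None                     # 'config setup', 'include', etc.
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def sides_without_local_key(conns):
    """List (conn, side, id) where rsasig uses %cert but no cert is configured locally."""
    findings = []
    for name, opts in conns.items():
        if opts.get("authby") != "rsasig":
            continue
        for side in ("left", "right"):
            if opts.get(side + "rsasigkey") == "%cert" and side + "cert" not in opts:
                findings.append((name, side, opts.get(side + "id", opts.get(side))))
    return findings

if __name__ == "__main__":
    for conn, side, ident in sides_without_local_key(parse_conns(SAMPLE_CONF)):
        print(f'conn "{conn}": no local certificate for {side} side (id {ident})')
```

On the sample it reports the right side with id 192.168.2.2, the same identity named in the "no RSA public key known" line of the log above.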