[Openswan Users] nat-traversal configure

Michael H. Warfield mhw at WittsEnd.com
Fri Jun 5 15:54:56 EDT 2009


On Fri, 2009-06-05 at 15:42 -0400, Paul Wouters wrote:
> On Fri, 5 Jun 2009, Michael H. Warfield wrote:
> 
> > 	Simplify your life.  Use certificates and the DNs in the certificates.
> > Then it's "leftid=%fromcert" and "rightid=%fromcert".

> Do you actually run with "rightid=%fromcert"? I don't think that works at
> all. One should just leave out the rightid, or specify the DN manually.

	Yeah, actually, that was what you recommended months ago when we were
having that problem with the IDs being IP addresses instead of DNs.
And it works like a charm.  But I do have a copy of each certificate on
the server, so it knows the DN at load time.

> Paul

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
