[Openswan Users] strange openswan 2.6 errors
Michael H. Warfield
mhw at WittsEnd.com
Mon May 11 08:19:52 EDT 2009
On Mon, 2009-05-11 at 10:38 +0200, Marek Greško wrote:
> Dňa Ut 24. Február 2009 ste napísali:
> > On Tue, 24 Feb 2009, Marek Greško wrote:
> > > I cannot get Fedora's openswan-2.6.19-1.fc10 to connect to
> openswan 2.4.
> > > It complains about:
> > >
> > > we require peer to have ID 'xxx.xxx.xxx.xx', but peer declares
> 'C=SK,
> > > ......'
> > >
> > > I have left and right set to public ip addresses and leftid
> rightid to
> > > subject dn on both sides. I am almost sure certificates are loaded
> > > properly.
> > >
> > > What am I doing wrong?
> >
> > On the 2.6 side, use leftid=%fromcert
> >
> > Paul
> No luck also with left and rightid=%fromcert. Result is the same.
Oh, one thing I noticed playing with this... These are order
dependent. Make sure you declare rightid=%fromcert AFTER you declare
rightrsasigkey=%cert and you can't declare rightid=%fromcert in the
default and then declare the rightrsasigkey=%cert in the conn. Same
goes for left* as well.
> --
> Marek Greško
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20090511/9ea2d184/attachment-0001.bin
More information about the Users
mailing list