[Openswan Users] strange openswan 2.6 errors
Marek Greško
gresko at thr.sk
Mon May 11 08:44:23 EDT 2009
On Mon 11 May 2009, Michael H. Warfield wrote:
> On Mon, 2009-05-11 at 10:38 +0200, Marek Greško wrote:
> > On Tue 24 February 2009, you wrote:
> > > On Tue, 24 Feb 2009, Marek Greško wrote:
> > > > I cannot get Fedora's openswan-2.6.19-1.fc10 to connect to
> > > > openswan 2.4.
> > > > It complains about:
> > > >
> > > > we require peer to have ID 'xxx.xxx.xxx.xx', but peer declares 'C=SK, ......'
> > > >
> > > > I have left and right set to public ip addresses and leftid rightid to
> > > > subject dn on both sides. I am almost sure certificates are loaded
> > > > properly.
> > > >
> > > > What am I doing wrong?
> > >
> > > On the 2.6 side, use leftid=%fromcert
> > >
> > > Paul
> >
> > No luck also with left and rightid=%fromcert. Result is the same.
>
> Oh, one thing I noticed playing with this... These are order
> dependent. Make sure you declare rightid=%fromcert AFTER you declare
> rightrsasigkey=%cert and you can't declare rightid=%fromcert in the
> default and then declare the rightrsasigkey=%cert in the conn. Same
> goes for left* as well.
>
I have
leftrsasigkey=%cert
rightrsasigkey=%cert
only in the default section and
leftid=%fromcert
rightid=%fromcert
only in the tunnel definition. I expect the defaults are loaded prior to the tunnel
definition, aren't they?
I also do not want to have fromcert in the id, just testing it because of
Paul's suggestion. I would like to use the full id string (Subject DN) there.
Marek
> > --
> > Marek Greško
>
> Mike
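
The ordering advice quoted in this message can be checked mechanically. The following is an added example, not part of the original post and not Openswan code: a small lint that flags the two layouts the advice warns about (an `*id=%fromcert` line placed before `*rsasigkey=%cert` in the same conn, or the id set in `conn %default` while the key is set in the conn). The parser is a simplified reading of `ipsec.conf`, and the sample configuration and finding names are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): both layouts the advice warns about.
SAMPLE = """\
conn %default
    leftid=%fromcert

conn tunnel
    leftrsasigkey=%cert
    rightid=%fromcert
    rightrsasigkey=%cert
"""

def parse_conns(text):
    """Simplified ipsec.conf reader: {conn: [(lineno, key, value), ...]}."""
    conns, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue                      # blank or comment-only line
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), [])
        elif raw[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current.append((n, key.strip(), value.strip()))
        else:
            current = None                # e.g. "config setup": not a conn
    return conns

def check_order(text):
    """Return (conn, side, problem) for each layout the advice says fails."""
    conns = parse_conns(text)
    default = {k: v for _, k, v in conns.get("%default", [])}
    findings = []
    for name, opts in conns.items():
        local = {k: (n, v) for n, k, v in opts}
        for side in ("left", "right"):
            id_n, id_v = local.get(side + "id", (None, None))
            key_n, key_v = local.get(side + "rsasigkey", (None, None))
            if key_v != "%cert":
                continue
            if id_v == "%fromcert" and id_n < key_n:
                findings.append((name, side, "id-before-rsasigkey"))
            elif (id_v is None and name != "%default"
                  and default.get(side + "id") == "%fromcert"):
                findings.append((name, side, "id-in-default"))
    return findings

if __name__ == "__main__":
    for finding in check_order(SAMPLE):
        print(finding)
```

The layout described in the reply above (`*rsasigkey=%cert` in the default section, `*id=%fromcert` in the tunnel definition) is not flagged, because the quoted advice does not cover it.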