[Openswan Users] strange openswan 2.6 errors

Paul Wouters paul at xelerance.com
Mon May 11 09:00:42 EDT 2009


On Mon, 11 May 2009, Marek Greško wrote:

> I have
> leftrsasigkey=%cert
> rightrsasigkey=%cert
> only in the default section and
> leftid=%fromcert
> rightid=%fromcert
> only in the tunnel definition. I expect the defaults are loaded prior to the tunnel definition.
> Aren't they?

You can't have all certs and all ids come in via IKE. You need to point to one
cert on disk at least for the local end, so you need at least one of
leftcert=filename / rightcert=filename

> I also do not want to have fromcert in the id, just testing it because of Paul's suggestion. I
> would like to use the full id string (Subject DN) there.

You can specify that with rightid=, but you need to use %fromcert on the side
that you load from disk locally (e.g. with leftcert=filename)

Paul
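
The two rules stated in the reply above, written as a small configuration check. This is an added example, not part of the original message and not Openswan code; the sample config is constructed from the poster's description, and it assumes conn %default values are copied into every conn that does not set them.

```python
import re

# Constructed sample mirroring the poster's layout: no leftcert=/rightcert= anywhere.
SAMPLE = """\
conn %default
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn tunnel
    leftid=%fromcert
    rightid=%fromcert
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)$", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
        else:
            current = None                        # e.g. 'config setup' is ignored
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def lint(text):
    """Return (conn, message) findings for the two rules in the reply."""
    findings = []
    for name, opts in parse_conns(text).items():
        sides = [s for s in ("left", "right") if opts.get(s + "cert")]
        uses_cert = any(opts.get(s + k) in ("%cert", "%fromcert")
                        for s in ("left", "right") for k in ("rsasigkey", "id"))
        if uses_cert and not sides:               # rule 1: one cert must be on disk
            findings.append((name, "no leftcert=/rightcert= points to a cert on disk"))
        for s in sides:                           # rule 2: local cert side uses %fromcert
            if opts.get(s + "id") != "%fromcert":
                findings.append((name, f"{s}cert= is set but {s}id is not %fromcert"))
    return findings

if __name__ == "__main__":
    for conn, msg in lint(SAMPLE):
        print(f"conn {conn}: {msg}")
```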

