[Openswan Users] strange openswan 2.6 errors
Michael H. Warfield
mhw at WittsEnd.com
Mon May 11 09:23:36 EDT 2009
On Mon, 2009-05-11 at 09:01 -0400, Paul Wouters wrote:
> On Mon, 11 May 2009, Michael H. Warfield wrote:
>
> >> No luck also with left and rightid=%fromcert. Result is the same.
> >
> > Oh, one thing I noticed playing with this... These are order
> > dependent. Make sure you declare rightid=%fromcert AFTER you declare
> > rightrsasigkey=%cert and you can't declare rightid=%fromcert in the
> > default and then declare the rightrsasigkey=%cert in the conn. Same
> > goes for left* as well.
> that would be odd. What are the effects you see? Can you give a plutodebug=all
> log with both cases loaded to show the difference?
This was from several cycles back when we were looking at this tracking
down some bugs. I was experiencing that problem with it expecting the
IP address and you first told me about the *id=%fromcert option. It
didn't work at first (had no impact, symptoms didn't change) because I
stuck the option at the top of the conn definition in one connection but
another one was working where it was lower down. I reordered the conn
definition and it worked. After than, I just made it a point. This was
so long ago at this point, I'd probably need to go back in retest to see
if it's still a problem.
> Paul
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20090511/5fb9ed32/attachment.bin
More information about the Users
mailing list