[Openswan Users] strange openswan 2.6 errors

Michael H. Warfield mhw at WittsEnd.com
Mon May 11 10:21:29 EDT 2009

On Mon, 2009-05-11 at 09:23 -0400, Michael H. Warfield wrote:
> On Mon, 2009-05-11 at 09:01 -0400, Paul Wouters wrote:
> > On Mon, 11 May 2009, Michael H. Warfield wrote:
> > 
> > >> No luck also with left and rightid=%fromcert. Result is the same.
> > >
> > > 	Oh, one thing I noticed playing with this...  These are order
> > > dependent.  Make sure you declare rightid=%fromcert AFTER you declare
> > > rightrsasigkey=%cert and you can't declare rightid=%fromcert in the
> > > default and then declare the rightrsasigkey=%cert in the conn.  Same
> > > goes for left* as well.
> > that would be odd. What are the effects you see? Can you give a plutodebug=all
> > log with both cases loaded to show the difference?

> 	This was from several cycles back when we were looking at this tracking
> down some bugs.  I was experiencing that problem with it expecting the
> IP address and you first told me about the *id=%fromcert option.  It
> didn't work at first (had no impact, symptoms didn't change) because I
> stuck the option at the top of the conn definition in one connection but
> another one was working where it was lower down.  I reordered the conn
> definition and it worked.  After that, I just made it a point.  This was
> so long ago at this point, I'd probably need to go back and retest to see
> if it's still a problem.

	Ok...  I just went back to one of my test bed connections and couldn't
reproduce that order dependency problem.  Take the %fromcert lines out,
and the problem returns, put it back in anywhere in the conn and the
problem is gone.  Write that one off to PEBCAK on my part when we were
first debugging the ID problem way back when, I would guess.  Just

> > Paul

Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
