[Openswan Users] strange openswan 2.6 errors

Marek Greško gresko at thr.sk
Mon May 11 10:22:21 EDT 2009


On Mon, 11 May 2009, you wrote:
> On Mon, 11 May 2009, Marek Greško wrote:
> > I have
> > leftrsasigkey=%cert
> > rightrsasigkey=%cert
> > only in the default section and
> > leftid=%fromcert
> > rightid=%fromcert
> > only in the tunnel definition. I expect the defaults are loaded prior to
> > the tunnel definition. Aren't they?
>
> You can't have all certs and all ids come in via IKE. You need to point to
> one cert on disk at least for the local end, so you need at least one of
> leftcert=filename / rightcert=filename

I have leftcert/rightcert paths specified.

>
> > I also do not want to have fromcert in the id, just testing it because of
> > Paul's suggestion. I would like to use full id string (Subject DN) there.
>
> You can specify that with rightid=, but you need to use %fromcert on the
> side that you load from disk locally (eg with leftcert=filename)

I tried it exactly this way with the same results. The same config works if I 
downgrade the openswan 2.6 end to 2.4.

Marek
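
The two rules given in the quoted reply, written as a small lint over ipsec.conf-style text. This is an added example, not part of the original message and not Openswan code. The sample config, the certificate path, and the function names `effective_conns` and `lint` are constructed for illustration, and the merging of `conn %default` into each conn is an assumption that models what the poster expects.

```python
# Added example: checks the two rules from the quoted reply.
# Assumption: "conn %default" values apply to every conn unless the conn
# overrides them (what the poster expects; not verified against pluto).

SAMPLE_CONF = """\
# constructed sample; the certificate path is a placeholder
conn %default
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn tunnel
    leftcert=/etc/ipsec.d/certs/local-placeholder.pem
    leftid=%fromcert
    rightid=%fromcert
"""

def effective_conns(text):
    """Return {conn: {key: value}} with conn %default merged in."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():           # section header at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = sections.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **own} for name, own in sections.items()}

def lint(text):
    """Return (conn, message) findings for the reply's two rules."""
    findings = []
    for name, conn in effective_conns(text).items():
        # Rule 1: at least one end must point to a certificate file on disk.
        if not (conn.get("leftcert") or conn.get("rightcert")):
            findings.append((name, "no leftcert=/rightcert= points to a cert on disk"))
        # Rule 2: the end whose cert is loaded from disk uses %fromcert as its ID.
        for side in ("left", "right"):
            if conn.get(side + "cert") and conn.get(side + "id") != "%fromcert":
                findings.append((name, side + "cert= is set but " + side + "id= is not %fromcert"))
    return findings

if __name__ == "__main__":
    for conn, message in lint(SAMPLE_CONF):
        print(conn + ": " + message)
    print("effective tunnel settings:", effective_conns(SAMPLE_CONF)["tunnel"])
```

An empty result only means the file follows the advice in the reply; it says nothing about why the same config behaves differently between 2.4 and 2.6.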
