[Openswan Users] trying to connect OpenSWAN 2.6.19 to a Netgear FVS338‏

Paul Wouters paul at xelerance.com
Fri May 15 21:54:00 EDT 2009

On Fri, 15 May 2009, Marcos Hacker wrote:

> Thanks for the information. We ended up having to put the Netgear's
> (right) public certificate on our Linux (left) machine and specify it as
> part of the "rights" parameters . We were expecting messages 5 & 6 to
> contain the certificate.

leftsendcert=always  in ipsec.conf or --sendcert as whack paramter.

> ipsec whack --name vpn_tunnel
> --encrypt
> --tunnel
> --ike 3des-md5-modp1024
> --esp 3des-md5
> --compress
> --dpdaction hold
> --ikelifetime 28800
> --rsasig
> --host
> --client
> --nexthop %direct
> --updown "ipsec _updown"
> --sendcert always
> --cert /etc/ipsec.d/clientcert.pem                    <-- Linux (left)

hmm which is what you have.... Why are you using whack and not ipsec.conf?

run ipsec auto --listall to see if the certificate was send and received


More information about the Users mailing list