[Openswan Users] strange openswan 2.6 errors
gresko at thr.sk
Thu May 28 08:52:22 EDT 2009
Dňa Po 11. Máj 2009 ste napísali:
> On Mon, 11 May 2009, Marek Greško wrote:
> > I have
> > leftrsasigkey=%cert
> > rightrsasigkey=%cert
> > only in the default section and
> > leftid=%fromcert
> > rightid=%fromcert
> > only in the tunnel definition. I expect the defaults are loaded prior to
> > tunnel definition. Isn't it?
> You can't have all certs and all ids come in via IKE. You need to point to
> one cert on disk at least for the local end, so you need at least one of
> leftcert=filename / rightcert=filename
> > I also do not want to have fromcert in the id, just testing it because of
> > Paul's suggestion. I would like to use full id string (Subject DN) there.
> You can specify that with rightid=, but you need to use %fromcert on the
> side that you load from disk locally (eg with leftcert=filename)
I am still struggling with the issue with no luck. Here is modified part of
ipsec barf containing the config file dump:
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
#< /etc/ipsec.d/aa-default.conf 1
#< /etc/ipsec.d/aa-no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/freeswan/policygroups.html for details.
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
#< /etc/ipsec.d/ipsec.his-mine.conf 1
#rightid="C=SK, ..... mine"
I am still getting: we require peer to have ID 'hispublicip', but peer
declares 'C=SK, ....... his'
I am sure I have certificates loaded. When using ipsec barf I also see remote
I suspect I should have some problem in configuration, but still cannot find
any. Do you have any suggestions?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users