[Openswan Users] Openswan and V-IPSecure
Paul Wouters
paul at xelerance.com
Wed Sep 2 11:24:41 EDT 2009
On Wed, 2 Sep 2009, JT Edwards wrote:
> Sep 2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1:
> Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
> type=transport
> left=22.34.33.26
> leftid=@wizbang.me.org
> leftrsasigkey=%cert
> leftcert=/etc/ipsec.d/certs/aittorden.pem
> leftprotoport=17/1701
> right=%any
> rightca=%same
> rightid=@chipper.dyndns.org
> rightrsasigkey=%cert
Why are you not using the X.509 RDNs for ids?
The normal setup here would be to have leftid=%fromcert on openswan 2.6 or
no leftid= on openswan 2.4, and no rightid= at all. Then the certificate RDN
will be used.
Maybe add a leftsendcert=always to convince the other end to use its cert too?
> rightprotoport=17/0
Use 17/%any
Also use openswan 2.4 due to bug #1004.
Paul
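
Added example, not part of the original message: the quoted conn with the changes suggested in the reply applied, in the Openswan 2.4 form (no leftid= and no rightid=, so the certificate RDN is used as the ID). The conn name is assumed from the log line, and only the settings quoted in the thread are shown; any other lines in the real conn are unknown.

```conf
# Constructed from the settings quoted in this thread (Openswan 2.4 form).
conn ait-to-home
    type=transport
    left=22.34.33.26
    # leftid= removed; on Openswan 2.6 use leftid=%fromcert instead
    leftrsasigkey=%cert
    leftcert=/etc/ipsec.d/certs/aittorden.pem
    # suggested in the reply to get the peer to use its cert as well
    leftsendcert=always
    leftprotoport=17/1701
    right=%any
    rightca=%same
    # rightid= removed so the peer's certificate RDN is used
    rightrsasigkey=%cert
    # was 17/0
    rightprotoport=17/%any
```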