[Openswan Users] Openswan and V-IPSecure

Paul Wouters paul at xelerance.com
Wed Sep 2 11:24:41 EDT 2009

On Wed, 2 Sep 2009, JT Edwards wrote:

> Sep  2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] #1:
> Main mo de peer ID is ID_FQDN: '@chipper.dyndns.org'

>        type=transport
>        left=
>        leftid=@wizbang.me.org
>        leftrsasigkey=%cert
>        leftcert=/etc/ipsec.d/certs/aittorden.pem
>        leftprotoport=17/1701
>        right=%any
>        rightca=%same
>        rightid=@chipper.dyndns.org
>        rightrsasigkey=%cert

Why are you not using the X.509 RDN's for ids?

The normal setup here would be to have leftid=%fromcert on openswan 2.6 or
no leftid= on openswan 2.4, and no rightid= at all. Then the certificate RDN
will be used. 
Maybe add an leftsendcert=always to convince the other end to use its cert too?

>        rightprotoport=17/0

use 17/%any

Also use openswan 2.4 due to bug #1004.


More information about the Users mailing list