[Openswan Users] Openswan and V-IPSecure
JT Edwards
tstrike34 at gmail.com
Wed Sep 2 11:26:42 EDT 2009
Hi Paul good morning to you....
Ok so I need to back rev to 2.4 from 2.6.20? Ok will do let me rework this
and circle back. Thank you for your wonderful advice.... I sincerely
appreciate it....
Will post back later...
JT
JT Edwards
Senior Solutions Architect (Automation and Service Management)
IBM Tivoli Certified
Direct: 281-226-0284
Direct: 512-772-3266
Follow Me: 1866-866-4391 ext 1
AIM tstrike34
GoogleTalk tstrike34 at gmail.com
--------------------------------------------------
From: "Paul Wouters" <paul at xelerance.com>
Sent: Wednesday, September 02, 2009 11:24 AM
To: "JT Edwards" <tstrike34 at gmail.com>
Cc: "Erich Titl" <erich.titl at think.ch>; <users at openswan.org>
Subject: Re: [Openswan Users] Openswan and V-IPSecure
> On Wed, 2 Sep 2009, JT Edwards wrote:
>
>> Sep 2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1:
>> Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
>
>> type=transport
>> left=22.34.33.26
>> leftid=@wizbang.me.org
>> leftrsasigkey=%cert
>> leftcert=/etc/ipsec.d/certs/aittorden.pem
>> leftprotoport=17/1701
>> right=%any
>> rightca=%same
>> rightid=@chipper.dyndns.org
>> rightrsasigkey=%cert
>
> Why are you not using the X.509 RDN's for ids?
>
> The normal setup here would be to have leftid=%fromcert on openswan 2.6 or
> no leftid= on openswan 2.4, and no rightid= at all. Then the certificate
> RDN will be used. Maybe add a leftsendcert=always to convince the other end
> to use its cert too?
>
>> rightprotoport=17/0
>
> use 17/%any
>
> Also use openswan 2.4 due to bug #1004.
>
> Paul
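
The advice in the reply above, turned into a small check over the quoted conn. This is an added example, not part of the original messages and not Openswan code; the function names, the findings format and the `conn` header line are assumptions, while the option values are the ones quoted in the thread.

```python
# Options quoted in the thread; the "conn" header line is constructed from
# the connection name that appears in the pluto log line.
SAMPLE = """\
conn ait-to-home
    type=transport
    left=22.34.33.26
    leftid=@wizbang.me.org
    leftrsasigkey=%cert
    leftcert=/etc/ipsec.d/certs/aittorden.pem
    leftprotoport=17/1701
    right=%any
    rightca=%same
    rightid=@chipper.dyndns.org
    rightrsasigkey=%cert
    rightprotoport=17/0
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} for ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line[0] not in " \t":                  # unindented line = section header
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint_conn(opts, version="2.6"):
    """Apply the reply's advice to one conn; returns (option, advice) pairs."""
    findings = []
    for side in ("left", "right"):
        ident = opts.get(side + "id")
        # Certificate auth combined with a hand-written id on that side.
        if opts.get(side + "rsasigkey") == "%cert" and ident not in (None, "%fromcert"):
            use_fromcert = side == "left" and version.startswith("2.6")
            advice = "leftid=%fromcert" if use_fromcert else "drop " + side + "id="
            findings.append((side + "id", advice))
    if opts.get("rightprotoport") == "17/0":
        findings.append(("rightprotoport", "17/%any"))
    if "leftcert" in opts and opts.get("leftsendcert") != "always":
        findings.append(("leftsendcert", "always"))   # offered as a "maybe" in the reply
    return findings
```
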