[Openswan Users] Openswan and V-IPSecure

JT Edwards tstrike34 at gmail.com
Wed Sep 2 11:26:42 EDT 2009


Hi Paul, good morning to you....

OK, so I need to back rev to 2.4 from 2.6.20? OK, will do; let me rework this
and circle back.  Thank you for your wonderful advice.... I sincerely
appreciate it....

Will post back later...

JT

JT Edwards
Senior Solutions Architect (Automation and Service Management)
IBM Tivoli Certified
Direct: 281-226-0284
Direct: 512-772-3266
Follow Me: 1866-866-4391 ext 1
AIM tstrike34
GoogleTalk tstrike34 at gmail.com

--------------------------------------------------
From: "Paul Wouters" <paul at xelerance.com>
Sent: Wednesday, September 02, 2009 11:24 AM
To: "JT Edwards" <tstrike34 at gmail.com>
Cc: "Erich Titl" <erich.titl at think.ch>; <users at openswan.org>
Subject: Re: [Openswan Users] Openswan and V-IPSecure

> On Wed, 2 Sep 2009, JT Edwards wrote:
>
>> Sep  2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1:
>> Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
>
>>        type=transport
>>        left=22.34.33.26
>>        leftid=@wizbang.me.org
>>        leftrsasigkey=%cert
>>        leftcert=/etc/ipsec.d/certs/aittorden.pem
>>        leftprotoport=17/1701
>>        right=%any
>>        rightca=%same
>>        rightid=@chipper.dyndns.org
>>        rightrsasigkey=%cert
>
> Why are you not using the X.509 RDNs for ids?
>
> The normal setup here would be to have leftid=%fromcert on openswan 2.6 or
> no leftid= on openswan 2.4, and no rightid= at all. Then the certificate RDN
> will be used. Maybe add a leftsendcert=always to convince the other end
> to use its cert too?
>
>>        rightprotoport=17/0
>
> use 17/%any
>
> Also use openswan 2.4 due to bug #1004.
>
> Paul 
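
The advice in the reply above, applied to the quoted conn in its Openswan 2.4 form, as an added example that is not part of the original thread. The conn name is taken from the quoted log line on the assumption that the quoted options belong to that conn; options not shown in the quote are omitted.

```conf
# Added example: the quoted conn reworked per the reply (Openswan 2.4 form).
# Comments inside the section are indented and there are no blank lines,
# because a blank line ends an ipsec.conf section.
conn ait-to-home
	type=transport
	left=22.34.33.26
	# no leftid= on 2.4, so the ID is taken from the certificate RDN
	# (on 2.6 the equivalent is leftid=%fromcert)
	leftrsasigkey=%cert
	leftcert=/etc/ipsec.d/certs/aittorden.pem
	# ask the peer to use its certificate too
	leftsendcert=always
	leftprotoport=17/1701
	right=%any
	rightca=%same
	# no rightid=, so the peer is identified by its certificate RDN
	rightrsasigkey=%cert
	# was 17/0
	rightprotoport=17/%any
```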


