[Openswan Users] Openswan and V-IPSecure
Paul Wouters
paul at xelerance.com
Fri Sep 11 15:38:24 EDT 2009
On Fri, 11 Sep 2009, JT Edwards wrote:
> Sep 11 14:20:04 whiskers pluto[31676]: "ait-torden" #2: Main mode peer ID is
> ID_DER_ASN1_DN: 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive'
> Sep 11 14:20:04 whiskers pluto[31676]: "ait-torden" #2: no suitable
> connection for peer 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive'
> conn ait-torden
> auto=start
> authby=rsasig
> rekey=no
> type=tunnel
> left=22.123.34.56
> leftcert=/etc/ipsec.d//certs/ait2torden.pem
> leftrsasigkey=/etc/ipsec.d/private/ca_key.pem
Either use leftcert= or leftrsasigkey=, not both. In this case you want leftcert.
> leftsendcert=always
> leftid="C=US/ST=TX/L=Austin/O=AutomaticIT/OU=Executive"
> right=12.234.22.224
> # rightid="C=US/ST=TX/L=Austin/O=AutomaticIT/OU=Executive"
> rightrsasigkey=/etc/ipsec.d/private/ca_key.pem
Leave out rightrsasigkey=
Add:
rightca=%same
left/rightrsasigkey is for raw RSA keys. left/rightcert= is for RSA in X.509 certs.
Paul
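
The check implied by the reply above, as an added example that is not part of the original post or of Openswan: a small Python lint that flags a conn where one side sets both a cert and an rsasigkey, or where rsasigkey holds a file path instead of a raw key. The two sample configs are constructed from the keys quoted in the thread, and the parser assumes indented key=value lines under an unindented `conn` header.

```python
SIDES = ("left", "right")

# Constructed input: the relevant keys of the conn quoted in the post.
BROKEN = """\
conn ait-torden
    authby=rsasig
    leftcert=/etc/ipsec.d//certs/ait2torden.pem
    leftrsasigkey=/etc/ipsec.d/private/ca_key.pem
    # rightid="C=US/ST=TX/L=Austin/O=AutomaticIT/OU=Executive"
    rightrsasigkey=/etc/ipsec.d/private/ca_key.pem
"""

# Constructed input: the same conn after applying the advice in the reply.
FIXED = """\
conn ait-torden
    authby=rsasig
    leftcert=/etc/ipsec.d//certs/ait2torden.pem
    rightca=%same
"""

def parse_conns(text):
    """Map each conn name to its key=value settings."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and comments
        if not raw[0].isspace():          # an unindented line opens a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def lint(text):
    """Return (conn, message) findings for cert vs raw-key confusion."""
    findings = []
    for name, opts in parse_conns(text).items():
        for side in SIDES:
            key = opts.get(side + "rsasigkey")
            if key is None:
                continue
            if side + "cert" in opts:
                findings.append((name, f"{side}cert and {side}rsasigkey both set; keep {side}cert"))
            if key.startswith("/"):
                findings.append((name, f"{side}rsasigkey holds a file path, not a raw RSA key"))
    return findings
```

Calling `lint(BROKEN)` reports three findings for `ait-torden`; `lint(FIXED)` reports none.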