[Openswan Users] Openswan and V-IPSecure

JT Edwards tstrike34 at gmail.com
Fri Sep 11 15:39:53 EDT 2009


OMG was it that simple.... I am such an idiot.... Ok let me go make the 
changes.... (falls out of chair laughing).

Will circle back Paul. Again many thanks....

JT


JT Edwards
Senior Solutions Architect (Automation and Service Management)
IBM Tivoli Certified
Direct: 281-226-0284
Direct: 512-772-3266
Follow Me: 1866-866-4391 ext 1
AIM tstrike34
GoogleTalk tstrike34 at gmail.com

--------------------------------------------------
From: "Paul Wouters" <paul at xelerance.com>
Sent: Friday, September 11, 2009 3:38 PM
To: "JT Edwards" <tstrike34 at gmail.com>
Cc: <users at openswan.org>
Subject: Re: [Openswan Users] Openswan and V-IPSecure

> On Fri, 11 Sep 2009, JT Edwards wrote:
>
>> Sep 11 14:20:04 whiskers pluto[31676]: "ait-torden" #2: Main mode peer ID 
>> is ID_DER_ASN1_DN: 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive'
>> Sep 11 14:20:04 whiskers pluto[31676]: "ait-torden" #2: no suitable 
>> connection for peer 'C=US, ST=TX, L=Austin, O=AutomaticIT, OU=Executive'
>
>> conn ait-torden
>>       auto=start
>>       authby=rsasig
>>       rekey=no
>>       type=tunnel
>>       left=22.123.34.56
>>       leftcert=/etc/ipsec.d//certs/ait2torden.pem
>>       leftrsasigkey=/etc/ipsec.d/private/ca_key.pem
>
> Either use leftcert= or leftrsasigkey=, not both. In this case you want 
> leftcert.
>
>>       leftsendcert=always
>>       leftid="C=US/ST=TX/L=Austin/O=AutomaticIT/OU=Executive"
>>       right=12.234.22.224
>>       # rightid="C=US/ST=TX/L=Austin/O=AutomaticIT/OU=Executive"
>>       rightrsasigkey=/etc/ipsec.d/private/ca_key.pem
>
> leave out rightrsasigkey=
> add:
>  rightca=%same
>
> left/rightrsasigkey is for raw RSA keys. left/rightcert= is for RSA in 
> X.509 certs.
>
> Paul 



More information about the Users mailing list