[Openswan Users] Cisco ASA and Openswan roadwarrior with X509 certificate
janochrastina at gmail.com
Sun Aug 1 19:07:15 EDT 2010
I would like to use openswan to connect as a roadwarrior to the corporate
network. Windows clients use the Cisco VPN Client with an Active Directory personal
certificate + Xauth for authentication. A Cisco ASA 5500 is the corporate
gateway. Can anybody help me with how to configure openswan?
Why can't openswan identify with either end of the connection?
Why is the list of CAs empty?
I exported my personal Active Directory certificate from Windows, with the
private key, to a pfx file. Then I exported the certificate and private key to
separate files using openssl. The CA certificate file
/etc/ipsec.d/certs/workca_b64.cer contains 2 certificates to fit the hierarchy:
root CA and subordinate CA. The file /etc/ipsec.d/certs/domainuser.pem contains the
user certificate without the private key. The private key file is in
[root at aspire ipsec.d]# more /etc/ipsec.secrets
: RSA domainuser.key ""
[root at aspire ipsec.d]# ipsec addconn Work
002 loading certificate from domainuser.pem
002 loaded host cert file '/etc/ipsec.d/certs/domainuser.pem' (3353 bytes)
002 no subjectAltName matches ID '%fromcert', replaced by subject DN
002 added connection description "Work"
[root at aspire ipsec.d]# ipsec auto --up Work
022 "Work": We cannot identify ourselves with either end of this connection.
ipsec auto --listcacerts does not show anything.
ipsec auto --listcerts shows the domainuser certificate signed by the subordinate CA.
[root at aspire ipsec.d]# ipsec --version
Linux Openswan U2.6.25/K18.104.22.168-85.fc13.i686 (netkey)
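As an added example (not part of the original post or of the Openswan project), the script below shows the file layout pluto's certificate loader expects when a PFX export has to be turned into Openswan files: the end-entity certificate and key go where the post already puts them, while CA certificates are read from /etc/ipsec.d/cacerts/ (which is what ipsec auto --listcacerts lists), one certificate per file rather than a two-certificate bundle under certs/. The pfx_to_openswan helper, the output paths and the sample bundle in the test are constructed for demonstration; the openssl pkcs12 options are the standard ones for extracting the client certificate, the private key and the CA chain.

```shell
#!/bin/sh
# Added example, not from the original post. Splits a PEM bundle holding a CA
# chain (root CA + subordinate CA) into one file per certificate, the layout
# Openswan's pluto reads from /etc/ipsec.d/cacerts/, and shows how the pieces
# are pulled out of a PFX export. Paths below are constructed assumptions.

# split_pem_bundle BUNDLE OUTDIR PREFIX
# Writes OUTDIR/PREFIX-1.pem, OUTDIR/PREFIX-2.pem, ... (one certificate each)
# and prints the number of certificates written.
split_pem_bundle() {
    bundle=$1; outdir=$2; prefix=$3
    mkdir -p "$outdir"
    awk -v out="$outdir/$prefix" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = out "-" n ".pem" }
        n > 0                         { print > file }
        /-----END CERTIFICATE-----/   { close(file) }
        END                           { print n + 0 }
    ' "$bundle"
}

# count_certs FILE: number of PEM certificates in FILE (0 if none).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# pfx_to_openswan PFX IPSECD
# Hypothetical helper: extracts the user certificate, the private key and the
# CA chain from a PFX export and places them under IPSECD (e.g. /etc/ipsec.d).
# Requires openssl; the PFX password is prompted for by openssl itself.
pfx_to_openswan() {
    pfx=$1; ipsecd=$2
    mkdir -p "$ipsecd/certs" "$ipsecd/private" "$ipsecd/cacerts"
    # End-entity certificate only, no key.
    openssl pkcs12 -in "$pfx" -clcerts -nokeys -out "$ipsecd/certs/domainuser.pem"
    # Private key, unencrypted so pluto can load it with an empty passphrase.
    openssl pkcs12 -in "$pfx" -nocerts -nodes -out "$ipsecd/private/domainuser.key"
    chmod 600 "$ipsecd/private/domainuser.key"
    # CA certificates that travelled with the PFX, then one file per CA cert.
    openssl pkcs12 -in "$pfx" -cacerts -nokeys -out "$ipsecd/cacerts/chain.tmp"
    split_pem_bundle "$ipsecd/cacerts/chain.tmp" "$ipsecd/cacerts" workca
    rm -f "$ipsecd/cacerts/chain.tmp"
    # Each CA file should now hold exactly one certificate.
    for f in "$ipsecd"/cacerts/workca-*.pem; do
        echo "$f: $(count_certs "$f") certificate(s)"
    done
}

# Usage: pfx_to_openswan /path/to/export.pfx /etc/ipsec.d
```

After the files are in place, ipsec auto --listcacerts should list every CA file written to cacerts/, and the user certificate can be checked against that chain with openssl verify before pluto is asked to use it.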