[Openswan Users] openswan + certificates + xl2tpd + no suitable connection error
Paul Wouters
paul at xelerance.com
Wed Dec 8 12:27:59 EST 2010
On Wed, 8 Dec 2010, Adam Sienkiewicz wrote:
> right=%any
> rightca=%same
try rightca=%any (assuming you trust any loaded CA anyways)
> rightid=%fromcert
> rightrsasigkey=%cert
> # Using the magic port of "0" means "any one single port". This is
> # a work around required for Apple OSX clients that use a randomly
> # high port, but propose "0" instead of their port. If that does
> # not work, try 17/%any
> rightprotoport=17/0
use 17/%any
> Dec 7 13:28:58 slack13 pluto[26544]: loading secrets from "/etc/ipsec.secrets"
> Dec 7 13:28:58 slack13 pluto[26544]: loaded private key file '/etc/ipsec.d/private/vpntest.key' (887 bytes)
> Dec 7 13:28:58 slack13 pluto[26544]: | 30 82 02 5b 02 01 00 02 81 81 00 9f 86 33 38 df
> Dec 7 13:28:58 slack13 pluto[26544]: | 00 08 12 eb 92 b6 6a 4f 91 b5 5e 17 4f 23 e0 ae
Please destroy this keypair; it seems you added "crypt" to plutodebug= so it got posted for everyone to copy.
> Dec 7 13:34:15 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: no suitable connection for peer 'C=PL, ST=cos, O=name1, OU=it, CN=mycert, E=myname at wp.pl'
> Dec 7 13:34:15 slack13 pluto[26544]: "l2tp-X.509"[1] 131.207.xx.xx #1: sending encrypted notification INVALID_ID_INFORMATION to 131.207.xx.xx:59780
what does ipsec auto --listall say after this?
Paul
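
The key leak pointed out above can be caught before a log is posted. This is an added example, not part of the original message or of Openswan. It assumes debug dumps look like the quoted lines (`pluto[pid]: | ` followed by hex bytes), and the sample log, host name, key path and byte values are constructed.

```python
import re

# Constructed sample in the format of the pluto lines quoted in this thread.
SAMPLE_LOG = """\
Dec 7 13:28:58 gw pluto[1234]: loading secrets from "/etc/ipsec.secrets"
Dec 7 13:28:58 gw pluto[1234]: loaded private key file '/etc/ipsec.d/private/example.key' (887 bytes)
Dec 7 13:28:58 gw pluto[1234]: | de ad be ef 00 11 22 33 44 55 66 77 88 99 aa bb
Dec 7 13:28:58 gw pluto[1234]: | 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10
Dec 7 13:34:15 gw pluto[1234]: "l2tp-X.509"[1] 192.0.2.10 #1: no suitable connection for peer 'CN=example'
"""

KEY_LOADED = re.compile(r"pluto\[\d+\]: loaded private key file '([^']+)'")
# A debug dump line: "| " then at least four space-separated hex bytes.
# The leading .* also accepts mail-quoted ("> ") copies of the log.
HEX_DUMP = re.compile(
    r"^(?P<prefix>.*pluto\[\d+\]: \|\s+)"
    r"(?P<hex>[0-9a-fA-F]{2}(?:\s+[0-9a-fA-F]{2}){3,})\s*$"
)

def scrub(log_text):
    """Redact every raw hex dump line; report key files whose bytes were dumped."""
    out, findings = [], []
    in_key_dump = False
    for line in log_text.splitlines():
        loaded = KEY_LOADED.search(line)
        dump = HEX_DUMP.match(line)
        if loaded:
            # Hex lines directly after this message are the key itself.
            in_key_dump = True
            findings.append({"key_file": loaded.group(1), "bytes_leaked": 0})
            out.append(line)
        elif dump:
            n = len(dump.group("hex").split())
            if in_key_dump:
                findings[-1]["bytes_leaked"] += n
            out.append(f"{dump.group('prefix')}[REDACTED {n} bytes]")
        else:
            in_key_dump = False
            out.append(line)
    return "\n".join(out), findings

if __name__ == "__main__":
    scrubbed, findings = scrub(SAMPLE_LOG)
    print(scrubbed)
    for f in findings:
        if f["bytes_leaked"]:
            print(f"replace keypair {f['key_file']}: {f['bytes_leaked']} bytes in log")
```

Redaction only makes the log safe to share; a key whose bytes already reached a log that left the machine still has to be replaced.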