[Openswan Users] automatic X509 certificate xchange
farajian amin
amin_o_city at yahoo.com
Tue Mar 9 06:27:22 EST 2010
Dear Tuomo,
If Openswan does request the other side's certificate, why do we need to copy the other side's certificate to /etc/ipsec.d/certs too?
I have the following configuration on a client as a road-warrior:
conn road-x509
    left=192.168.1.210
    right=%any
    type=tunnel
    leftcert=VPN2Cert.pem
    rightcert=VPN1Cert.pem
    auto=add
and for the gateway:
conn road-x509
    left=192.168.1.210
    right=%any
    type=tunnel
    leftcert=VPN2Cert.pem
    rightcert=VPN1Cert.pem
    auto=add
I have to copy VPN1Cert.pem and VPN2Cert.pem to both machines. I need a way (maybe by changing the configuration in /etc/ipsec.conf) in which each side only has its own certificate and, at connection startup, requests the other side's certificate, does the validity check and runs the other stuff. (The storage place, "memory or directory", is not important.)
Thanks in advance.
Amin Farajian
----- Original Message ----
From: Tuomo Soini <tis at foobar.fi>
To: farajian amin <amin_o_city at yahoo.com>
Cc: users at openswan.org
Sent: Tue, March 9, 2010 2:28:49 PM
Subject: Re: [Openswan Users] automatic X509 certificate xchange
farajian amin wrote:
> I don't want to copy each side's cert to the other side manually. Can
> Openswan request the other side's certificate and download it to the proper
> directory and then establish the connection? Is there any
> configuration script?
Openswan does do certificate request but it won't store remote
certificate locally, it's only stored in memory.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
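
Added example, not part of the original thread: an ipsec.conf sketch in which each side keeps only its own certificate and trusts the peer's certificate, received in IKE, through a shared CA. It assumes both certificates were issued by the same CA, that the CA certificate is in /etc/ipsec.d/cacerts on both machines, and that the gateway holds VPN2Cert.pem; the DN strings are placeholders.

```conf
# --- gateway (192.168.1.210), holds only VPN2Cert.pem ---
conn road-x509
    type=tunnel
    left=192.168.1.210
    leftcert=VPN2Cert.pem
    leftid=%fromcert
    right=%any
    # no rightcert=: take the peer's public key from the certificate
    # it sends during IKE instead of a locally stored file
    rightrsasigkey=%cert
    # only accept peer certificates issued by the same CA as leftcert
    rightca=%same
    # placeholder DN: restrict which subjects may connect
    rightid="C=XX, O=Example Org, CN=*"
    auto=add

# --- road warrior, holds only VPN1Cert.pem ---
conn road-x509
    type=tunnel
    left=192.168.1.210
    # no leftcert=: the gateway's certificate arrives during IKE
    leftrsasigkey=%cert
    leftca=%same
    # placeholder DN: must match the subject of the gateway certificate
    leftid="C=XX, O=Example Org, CN=vpn-gateway"
    right=%defaultroute
    rightcert=VPN1Cert.pem
    rightid=%fromcert
    auto=add
```

With this layout the trust decision rests on the CA and the ID constraint rather than on a pinned certificate file, so the ID should be as narrow as the deployment allows and the CA's revocation list kept current in /etc/ipsec.d/crls.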