[Openswan Users] Use of subjectAltName

Erich Titl erich.titl at think.ch
Tue Oct 26 18:36:42 EDT 2010


Hi Folks

I am trying to establish a certificate-based connection to a Zywall 5,
which is the initiator. The Zywall sends me the email address of the
certificate as an ID and my (old 2.4.7) version of OpenSwan seems unable
to find the corresponding certificate.

The certificate has subjectAltName defined as the email address.

Is there a keyword required to use subjectAltName as rightid in OpenSwan?

> Oct 26 09:45:20 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress #92738: Main mode peer ID is ID_USER_FQDN: 'email at dom.ain'
> Oct 26 09:45:20 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress #92738: no suitable connection for peer 'email at dom.ain'
> Oct 26 09:45:20 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress #92738: sending encrypted notification INVALID_ID_INFORMATION to right.ip.add.ress:500
> Oct 26 09:46:29 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress #92738: max number of retransmissions (2) reached STATE_MAIN_R2
> Oct 26 09:46:29 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress: deleting connection "REMOTENAME" instance with peer right.ip.add.ress {isakmp=#0/ipsec=#0}


Thanks

ET
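
An added example, not part of the original post and not Openswan code: a small Python triage script that reads pluto lines in the format quoted above and reports, per IKE state, the ID type and value the peer presented and whether it was rejected with "no suitable connection". The sample input is constructed from the quoted log lines; the function name and record fields are assumptions of this example.

```python
import re

# Constructed sample: the pluto lines quoted in the post, keeping the
# placeholder address and peer IP exactly as they appear there.
SAMPLE_LOG = """\
Oct 26 09:45:20 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress #92738: Main mode peer ID is ID_USER_FQDN: 'email at dom.ain'
Oct 26 09:45:20 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress #92738: no suitable connection for peer 'email at dom.ain'
Oct 26 09:45:20 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress #92738: sending encrypted notification INVALID_ID_INFORMATION to right.ip.add.ress:500
Oct 26 09:46:29 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress #92738: max number of retransmissions (2) reached STATE_MAIN_R2
Oct 26 09:46:29 gatekeeper-internal pluto[20194]: "REMOTENAME"[26] right.ip.add.ress: deleting connection "REMOTENAME" instance with peer right.ip.add.ress {isakmp=#0/ipsec=#0}
"""

# Connection name, optional instance number, peer address, IKE state number, message.
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? \S+ #(?P<state>\d+): (?P<msg>.*)$')
PEER_ID = re.compile(r"Main mode peer ID is (?P<type>ID_\w+): '(?P<value>.*)'")
NO_CONN = re.compile(r"no suitable connection for peer '(?P<value>.*)'")
NOTIFY = re.compile(r"sending encrypted notification (?P<name>\w+) to")

def rejected_peer_ids(log_text):
    """Return one record per IKE state whose peer ID matched no connection."""
    states = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # lines without a #state (e.g. "deleting connection") are skipped
        rec = states.setdefault(
            m["state"],
            {"state": m["state"], "conn": m["conn"], "id_type": None,
             "id_value": None, "rejected": False, "notify": None},
        )
        msg = m["msg"]
        if (p := PEER_ID.search(msg)):
            rec["id_type"], rec["id_value"] = p["type"], p["value"]
        elif (n := NO_CONN.search(msg)):
            rec["rejected"] = True
            rec["id_value"] = rec["id_value"] or n["value"]
        elif (t := NOTIFY.search(msg)):
            rec["notify"] = t["name"]
    return [r for r in states.values() if r["rejected"]]

if __name__ == "__main__":
    for r in rejected_peer_ids(SAMPLE_LOG):
        print(r)
```

The `id_type` and `id_value` fields show the identity the responder was asked to match, which is the string to compare against the connection's configured peer ID and the certificate's contents.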

