[Openswan Users] OpenSwan and iPhone again
Paul Wouters
paul at xelerance.com
Tue Sep 13 20:02:29 EDT 2011
On Tue, 13 Sep 2011, Shinji Ikari wrote:
> I'm trying to configure a pure rsa+xauth ipec vpn with openswan and iphone, but during negociation that message
> appear in log:
> Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: XAUTH: Sending XAUTH Login/Password Request
> Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: XAUTH: Sending Username/Password request
> conn %default
> authby=rsasig
> leftrsasigkey=%cert
> rightrsasigkey=%cert
> keyingtries=1
> keylife=20m
> ikelifetime=240m
>
> conn iphone
> auto=add
> authby=rsasig
> left=172.23.253.2
> right=%any
> leftxauthserver=yes
add rightxauthclient=yes
> leftca=cacert
Is that a filename? you shouldn't really need to specify this.
> leftcert=hefesto
same here, is this a filename without extension? It should be a filename.
check if those certificates loaded with ipsec auto --listall
> leftrsasigkey=%cert
You might need leftmodecfg/rightmodecf, please see "man ipsec.conf" for details.
Paul
More information about the Users
mailing list