[Openswan Users] Roadwarrior setup to Draytek Vigor
Thorsten Meinl
Thorsten.Meinl at uni-konstanz.de
Sat Mar 2 16:42:47 EST 2013
Hi Michael,
Thanks for your support, I have discovered and successfully solved the
problem! For the record: while setting up the connection I got these two
messages in the syslog:
Mar 02 22:31:09 [pluto] "zurich" #3: issuer cacert not found
Mar 02 22:31:09 [pluto] "zurich" #3: X.509 certificate rejected
I thought those were only warning since the IPSEC connection was
established successfully ("IPsec SA established tunnel mode"). However,
I couldn't reach any of the hosts on the other side. I then copied the
CA certificate to /etc/ipsec.d/cacerts and now it magically works.
BTW, this behaviour of OpenSwan violates my former university
professor's priniciple of the least possible astonishment. Reporting
success with a broken configuration is not something you expect.
Cheers,
Thorsten
--
Dr.-Ing. Thorsten Meinl room: Z813
Nycomed Chair for Bioinformatics fax: +49 (0)7531 88-5132
and Information Mining phone: +49 (0)7531 88-5016
Box 712, 78457 Konstanz, Germany
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openswan.org/pipermail/users/attachments/20130302/3f6a393a/attachment.sig>
More information about the Users
mailing list