[Openswan Users] Roadwarrior setup to Draytek Vigor

Thorsten Meinl Thorsten.Meinl at uni-konstanz.de
Sat Mar 2 16:42:47 EST 2013


Hi Michael,

Thanks for your support, I have discovered and successfully solved the
problem! For the record: while setting up the connection I got these two
messages in the syslog:

Mar 02 22:31:09 [pluto] "zurich" #3: issuer cacert not found
Mar 02 22:31:09 [pluto] "zurich" #3: X.509 certificate rejected

I thought those were only warning since the IPSEC connection was
established successfully ("IPsec SA established tunnel mode"). However,
I couldn't reach any of the hosts on the other side. I then copied the
CA certificate to /etc/ipsec.d/cacerts and now it magically works.

BTW, this behaviour of OpenSwan violates my former university
professor's priniciple of the least possible astonishment. Reporting
success with a broken configuration is not something you expect.

Cheers,

Thorsten

-- 
Dr.-Ing. Thorsten Meinl               room: Z813
Nycomed Chair for Bioinformatics      fax: +49 (0)7531 88-5132
and Information Mining                phone: +49 (0)7531 88-5016
Box 712, 78457 Konstanz, Germany

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openswan.org/pipermail/users/attachments/20130302/3f6a393a/attachment.sig>


More information about the Users mailing list