[Openswan Users] Roadwarrior setup to Draytek Vigor

Muenz, Michael m.muenz at spam-fetish.org
Mon Mar 4 02:48:20 EST 2013

Am 02.03.2013 22:42, schrieb Thorsten Meinl:
> Hi Michael,
> Thanks for your support, I have discovered and successfully solved the
> problem! For the record: while setting up the connection I got these two
> messages in the syslog:
> Mar 02 22:31:09 [pluto] "zurich" #3: issuer cacert not found
> Mar 02 22:31:09 [pluto] "zurich" #3: X.509 certificate rejected
> I thought those were only warning since the IPSEC connection was
> established successfully ("IPsec SA established tunnel mode"). However,
> I couldn't reach any of the hosts on the other side. I then copied the
> CA certificate to /etc/ipsec.d/cacerts and now it magically works.

Hey Thorsten,
that's why I sad you should try with PSK, rsasig is pain in the ass. :)

> BTW, this behaviour of OpenSwan violates my former university
> professor's priniciple of the least possible astonishment. Reporting
> success with a broken configuration is not something you expect.

Yep, that's not good!
> Cheers,
> Thorsten

Thanks for sharing!


- Cisco, Linux, Networks

More information about the Users mailing list