[Openswan Users] Roadwarrior setup to Draytek Vigor
Muenz, Michael
m.muenz at spam-fetish.org
Mon Mar 4 02:48:20 EST 2013
Am 02.03.2013 22:42, schrieb Thorsten Meinl:
> Hi Michael,
>
> Thanks for your support, I have discovered and successfully solved the
> problem! For the record: while setting up the connection I got these two
> messages in the syslog:
>
> Mar 02 22:31:09 [pluto] "zurich" #3: issuer cacert not found
> Mar 02 22:31:09 [pluto] "zurich" #3: X.509 certificate rejected
>
> I thought those were only warning since the IPSEC connection was
> established successfully ("IPsec SA established tunnel mode"). However,
> I couldn't reach any of the hosts on the other side. I then copied the
> CA certificate to /etc/ipsec.d/cacerts and now it magically works.
Hey Thorsten,
that's why I sad you should try with PSK, rsasig is pain in the ass. :)
> BTW, this behaviour of OpenSwan violates my former university
> professor's priniciple of the least possible astonishment. Reporting
> success with a broken configuration is not something you expect.
Yep, that's not good!
> Cheers,
>
> Thorsten
Thanks for sharing!
Michael
--
www.muenz-it.de
- Cisco, Linux, Networks
More information about the Users
mailing list