[Openswan Users] OpenSwan to Strongswan RSA Problem

Matt Killock matt.killock at praemium.com
Mon Jul 10 04:53:23 EDT 2017


Hi,

Yes, some of that works, but some doesn't. The %fromcert directive looks better in the config.

These configs work:

        leftcert=/etc/ipsec.d/certs/covazfw.pem
        rightcert=/etc/ipsec.d/certs/aspfw2.pem
        leftid=%fromcert
        rightid="bbbbbbbbbbbbbbbbbbb"

        leftcert=/etc/ipsec.d/certs/covazfw.pem
        rightcert=/etc/ipsec.d/certs/aspfw2.pem
        leftid=%fromcert
        rightid=%fromcert

        leftcert=/etc/ipsec.d/certs/covazfw.pem
        leftid=%fromcert
        rightid=%fromcert

(Last one seems to be saying to allow any cert from peer)

And this config doesn't work:

        leftcert=/etc/ipsec.d/certs/covazfw.pem
        leftid=%fromcert
        rightid="C=CH, O=strongSwan2, CN=aspfw2"

So it seems that for me, the rightcert needs to be there but it might not be having any effect at all!

Matt

-----Original Message-----

Just comparing with a similar setup that's working for me:
In my case I have
  leftcert=xxx.pem
  leftid=%fromcert
  rightid="DN from peer cert"

and I have no rightcert entry - shouldn't be needed as the peer sends its cert.

None of that seems to explain what you're seeing! But may be something else to try.


