IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] Problems with FreeSWAN and W2k using x509

From: Harry Brueckner (harry.brueckner_at_orange-digital.de)
Date: Wed Apr 24 2002 - 15:38:55 CEST

Philip,

Philip Reetz wrote:

> To help track down my mistake here are the ipsec.conf from the linux box
> and the ipsec.conf used for w2k:
>
> linux:
> -snip-
> conn bssub-rw1
> authby=rsasig
> left=xxx.yyy.zzz.110
> leftsubnet=192.168.0.0/24
> leftnexthop=xxx.yyy.zzz.109
> leftrsasigkey=%cert
> leftid="C=DE, ST=NDS, O=Test AG, OU=test,
> CN=test/Email=info_at_test-ag.de"
> right=%any
> rightsubnet=
> rightnexthop=
> rightrsasigkey=%cert
> rightid="C=DE, ST=NDS, O=Test AG, OU=test-rw1,
> CN=test-rw1/Email=info_at_test-ag.de"
> auto=add
> -snip-

I think FreeS/WAN does not like the rightca= and leftca= part. AFAIK
this is an extension for the windows tool from Markus Mueller.
If it still is needed I'd guess you have to separate the fields with "/"
instead of ",".

> w2k:
> conn notebook
> left=%any
> right=xxx.yyy.zzz.110
> rightsubnet=192.168.0.0/255.255.255.0
> rightca="C=DE, S=NDS, L=Braunschweig, O=Test AG, OU=test, CN=test
> E=info_at_test-ag.de"

Unfortunately here is a linebreak but if it is similar to the above, you
have to separate the Email= field the same way like all others - with
"," for windows and with "/" for everybody else.

> network=both
> auto=start
> pfs=yes

HTH, Harry.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST