
[Users] Using both public keys and x509 certificates

From: Claus Rosenberger (Claus.Rosenberger_at_rocnet.de)
Date: Wed Apr 24 2002 - 17:47:11 CEST


Hi,

I have the problem described earlier in this list. I want to use public keys
with my existing connections and, additionally, x509 for new road-warriors. It
should be possible with 0.9.9. I use 0.9.10 now, but I still have problems
with that situation. My existing link broke down. What patch should I use on
the x509-patched freeswan to operate with unpatched versions?

thanks,

claus

********* 18.Feb ************

Starting with version 0.9.3 of the X.509 patch, Pluto is sending
a certificate request to its peers whenever /etc/x509cert.der exists
and auth=rsasig. Unfortunately standard FreeS/WAN does not know
how to answer a certificate request and instead of silently
ignoring the message it aborts the negotiation. So currently
interoperability is not possible. This will be fixed in
the next release 0.9.9 of the X.509 patch:

When the X.509 enhanced Pluto will act as the initiator and
the RSA public key has been preloaded in ipsec.conf, then it
will not send a certificate request to its peer. This scheme
will not work when the peer is a roadwarrior with unknown
IP address and is acting as the initiator.

Regards

Andreas

*******************************

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:54 CEST