Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] Problems with FreeSWAN and W2k using x509

From: Adrian Blockus (ablockus_at_gmx.net)
Date: Thu Apr 25 2002 - 09:29:42 CEST

Next message: Igmar Palsenberg: "Re: [Users] PIX 515 <--> FreeSWAN 1.97 x509 (long post)"
Previous message: Justin Kreger: "RE: [Users] Linksys BEFVP41 router"
In reply to: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Next in thread: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Philip,

my configuration looks like yours and I had the same problem. I found out
that Windows is very kinky concerning the Distinguished Name. So I created
new certificates, avoiding any special characters in the DN like '+' or '-'
and now my system works.

Your problem is probably the e-mail adress in your DN ('test-ag').

Can anybody describe how to use special characters in DN?? It would be very
usefull, because there are many e-mail adresses with dashes.

----- Original Message -----
From: "Philip Reetz" <p.reetz_at_linet-services.de>
To: <harry.brueckner_at_orange-digital.de>
Cc: "users" <users_at_lists.freeswan.org>
Sent: Wednesday, April 24, 2002 3:27 PM
Subject: Re: [Users] Problems with FreeSWAN and W2k using x509

> To help track down my mistake here are the ipsec.conf from the linux box
> and the ipsec.conf used for w2k:
>
> linux:
> -snip-
> conn bssub-rw1
> authby=rsasig
> left=xxx.yyy.zzz.110
> leftsubnet=192.168.0.0/24
> leftnexthop=xxx.yyy.zzz.109
> leftrsasigkey=%cert
> leftid="C=DE, ST=NDS, O=Test AG, OU=test,
> CN=test/Email=info_at_test-ag.de"
> right=%any
> rightsubnet=
> rightnexthop=
> rightrsasigkey=%cert
> rightid="C=DE, ST=NDS, O=Test AG, OU=test-rw1,
> CN=test-rw1/Email=info_at_test-ag.de"
> auto=add
> -snip-
>
> w2k:
> conn notebook
> left=%any
> right=xxx.yyy.zzz.110
> rightsubnet=192.168.0.0/255.255.255.0
> rightca="C=DE, S=NDS, L=Braunschweig, O=Test AG, OU=test, CN=test
> E=info_at_test-ag.de"
>
> network=both
> auto=start
> pfs=yes
>
>
> And to leave nothing to the imagination :)
> here is the output from openssl for the roadwarrior and gw certificate:
>
> roadwarrior:
> Issuer: C=DE, ST=NDS, L=Braunschweig, O=Test AG, OU=test,
> CN=test/Email=info_at_test-ag.de
> Subject: C=DE, ST=NDS, O=Test AG, OU=test-rw1,
> CN=test-rw1/Email=info_at_test-ag.de
>
> gateway:
> Issuer: C=DE, ST=NDS, L=Braunschweig, O=Test AG, OU=test,
> CN=test/Email=info_at_test-ag.de
> Subject: C=DE, ST=NDS, O=Test AG, OU=test, CN=test/Email=info_at_test-ag.de
>
> I really hope someone will find the error I'm overlooking so hard.
>
> Ciao,
> Philip
> --
> LINET Services
> Bunkus, Geisler und Reetz GbR
>
> Rebenring 33 Tel.: 0531-280 191 71
> 38106 Braunschweig Fax.: 0531-280 191 72
>
> http://www.linet-services.de
> mailto:info_at_linet-services.de
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Igmar Palsenberg: "Re: [Users] PIX 515 <--> FreeSWAN 1.97 x509 (long post)"
Previous message: Justin Kreger: "RE: [Users] Linksys BEFVP41 router"
In reply to: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Next in thread: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:55 CEST