Could you send me the ipsec.conf you are using with version 0.9.10?
Regards
Andreas
Claus Rosenberger wrote:
>
> Hi,
>
> i have the problem described earlier in this list. i want to use public keys
> with my existing connections and x509 additional for new road-warriors. it
> should be possible with 0.9.9. i use 0.9.10 now but i still have problems
> with that situation. my existing link broke down. what patch i should use on
> the x509 patched freeswan to operate with unpatched versions.
>
> thanks,
>
> claus
>
> ********* 18.Feb ************
>
> Starting with version 0.9.3 of the X.509 patch, Pluto is sending
> a certificate request to its peers whenever /etc/x509cert.der exists
> and auth=rsasig. Unfortunately standard FreeS/WAN does not know
> how to answer a certificate request and instead of silently
> ignoring the message it aborts the negotiation. So currently
> interoperability is not possible. This will be fixed in
> the next release 0.9.9 of the X.509 patch:
>
> When the X.509 enhanced Pluto will act as the initiator and
> the RSA public key has been preloaded in ipsec.conf, then it
> will not send a certificate request to its peer. This scheme
> will not work when the peer is a roadwarrior with unknown
> IP address and is acting as the initiator.
>
> Regards
>
> Andreas
>
> *******************************
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
-- ====================================================================== Andreas Steffen e-mail: andreas.steffen_at_strongsec.com strongSec GmbH phone: +41 76 340 25 56 Alter Zürichweg 20 home: http://www.strongsec.com CH-8952 Schlieren (Switzerland) ==========================================[strong internet security]== _______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST