If you use several anonymous private keys of the form

    : RSA myKey_n.pem "<optional password>"

or

    : RSA {
    ...
    }

then all connection definitions in ipsec.conf need a statement

    leftcert=myCert_n.pem

The public key in myCert_n.pem must match the private key in
myKey_n.pem or a private key directly defined in ipsec.secrets.
A default certificate can be set in the conn %default section.

With multiple anonymous private keys it is not possible to use the
deprecated default certificate /etc/x509cert.der, because the
corresponding private key in ipsec.secrets will not be found and a
warning of the type

> May 5 23:05:49 firecat Pluto[25052]: "daniel" <peer> #3: multiple
> ipsec.secrets entries with distinct secrets match endpoints: first
> secret used

will be generated and possibly a wrong private key will be selected.

Regards

Andreas
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
> -----Original Message-----
> From: Daniel Tombeil [mailto:dt_at_admindu.de]
> Sent: Sonntag, 5. Mai 2002 23:16
> To: 'Andreas Steffen'
> Subject: AW: [Users] FreeSwan 1.97 + x.509 0.9.11 + Sentinel 1.3 Problem
>
>
> Hi,
>
> I have a strange problem I don't understand. Maybe you can help?!
> I have the following line in my logs. What exactly does that mean?
> It appeared after adding another new connection. But all connections
> seem to work normally.
>
> May 5 23:05:49 firecat Pluto[25052]: "daniel" <peer> #3: multiple
> ipsec.secrets entries with distinct secrets match endpoints: first
> secret used
> May 5 23:05:49 firecat Pluto[25052]: "daniel" <peer> #3: multiple
> ipsec.secrets entries with distinct secrets match endpoints: first
> secret used
>
> Thank you!
>
> Regards
>
> daniel
>
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
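
A configuration check for the rule given in the reply above, as an added example that is not part of the original thread or of FreeS/WAN: it counts the anonymous `: RSA` entries in ipsec.secrets and lists every conn in ipsec.conf that has no leftcert, either directly or through conn %default. The sample file contents are constructed, `also=` includes are not followed, and the check does not test whether each certificate's public key actually matches a private key.

```python
import re

# Constructed sample files, not taken from the original post.
SAMPLE_SECRETS = """\
: RSA myKey_1.pem "secret1"
: RSA myKey_2.pem
@gw.example.org : RSA otherKey.pem
"""
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute
conn %default
    keyingtries=1
conn daniel
    leftcert=myCert_1.pem
    right=%any
conn office
    right=%any   # no leftcert here
"""

def anonymous_rsa_keys(secrets_text):
    """Count RSA entries that have no ID selector before the colon."""
    return len(re.findall(r"^:\s*RSA\b", secrets_text, re.MULTILINE))

def parse_conns(conf_text):
    """Return {conn_name: {param: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():              # section header starts at column 0
            parts = line.split(None, 1)
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1].strip(), {}) if is_conn else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def conns_missing_leftcert(conf_text, secrets_text):
    """Conns without a leftcert although several anonymous keys are defined."""
    if anonymous_rsa_keys(secrets_text) < 2:
        return []                             # one anonymous key is unambiguous
    conns = parse_conns(conf_text)
    default_cert = conns.get("%default", {}).get("leftcert")
    return sorted(name for name, params in conns.items()
                  if name != "%default"
                  and not (params.get("leftcert") or default_cert))
```
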