killhead_at_pandora.be wrote:
> Seems to me the client cert is valid and is binded with the openssl CA
> The common name on Issuer of host key is:
> CN=hermes.ignl.be
> The subject here is:
> CN=calin.ignl.be
>
> The common name of the issuer of CA is:
> CN=hermes.ignl.be
> The subject here is:
> CN=hermes.ignl.be
>
> Is that correct ?
Yes, they look ok to me. Please check Trust Policy -> Trusted
Certificates -> Remote Hosts. You should not find there any
hermes.ignl.be or calin.ignl.be certificates. If one exists, please
remove it and press Apply to update PM database.
Restart FreeSWAN IPSec and check both /var/log/secure and
/var/log/messages logfiles for possible error messages.
Setup a VPN rule for SSH Sentinel, enable it (via tray icon or by
setting up it to open on start-up), open IKE log windows for
logging=Detailed and send one single ping packet to a remote host (or
inner interface of the FreeSWAN SGW) as
ping -n 1 ipaddr.of.remote.host
Setup IKE logging=Off and start browsing the logfile. Also check
FreeSWAN logs for the same timeframe. I'm sure you'll find the reason
somewhere.
Regards,
Jussi
-- ______________________________________________________________ Jussi Törhönen, Kuopio R&D unit, e-mail jussi.torhonen_at_ssh.com SSH Communications Security Corp, http://www.ssh.com SSH Sentinel VPN Client, http://www.ipsec.com_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:07 CEST