-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 8 Jul 2002, Mariusz Drozdziel wrote:
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | [3 is OAKLEY_RSA_SIG]
> "roadwarrior"[2] xxx.xxx.xxx.xxx #2: policy does not allow \
> OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
> ---------------- cut ----------------
>
> Where should i define this 'policy' to allow OAKLEY_RSA_SIG?
On the FreeS/WAN side, this policy is ultimately defined in ipsec.conf;
authby=rsasig should be sufficient. Compare your configuration to to
the outline in Nate Carlson's excellent X.509-win2k walkthrough:
http://www.natecarlson.com/include/showpage.php?cat=linux&page=ipsec-x509
Barring that, post your ipsec.conf file for us to review.
Sam Sgro
sam_at_freeswan.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.
iQCVAwUBPSkVoUOSC4btEQUtAQEC+AQArnBAz0VF2hs6GZjL+vTnXM1ZoWXAvVLp
irztfa3xypGTAoklEyaF2oZAs1WYxL9V58KFmsFmOVrZ5M1Nd9KM3Ju782Wz0dTW
RYJ/ovnYv0wChCblH7jR9DqZyvlh/cyobgQV+rVpbQKlvMP+cUkyE/C2vTBikSQz
q+wTMCCpNDE=
=5Kga
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:19 CEST