From: katro kar (katro_kar_at_yahoo.com)
Date: Wed Oct 23 2002 - 09:00:21 CEST
Hi ,
I have been unsuccessfully trying to use certificates
with SSH sentinel and freeswan 1.95 with x.509 0.9.8
patch.
I have read through all the mailing lists, but nothing
worked.
I read few of the mails from andreas steffen and his
release notes for x.509 patch.
I created certificates using openssl 0.9.6b.
i imported the windows certificate in to ssh sentinel
When i created the certificate for Sentinel with a
mail id the freeswan logged as INVALID_ID_INFORMATION
saying no suitable peer connection for
"katro_kar_at_yahoo.com".
Then i created the certificate without the mail id .
It said no suitable connection for
"C=UK,....."
Then i included rightid in ipsec.conf and now the
message says
Pluto[5487]: "warrior" #1: ASSERTION FAILED at
ipsec_doi.c:1140: st->st_peer_pubkey == NULL
Oct 23 12:02:01 katro ipsec__plutorun: Restarting
Pluto subsystem...
my ipsec.secrets
192.168.1.128 192.168.1.126: RSA keymine.pem "katro"
ipsec.conf
conn warrior
#type=transport
authby=rsasig
rightrsasigkey=%cert
leftrsasigkey=%cert
#right=%any
left=192.168.1.128
right=192.168.1.126
rightid="C=UK,ST=MN,L=west,O=temp,OU=ncg,CN=mycert"
#rightid=katro_kar_at_yahoo.com
leftcert=certmine.pem
rightcert=w2kcert.pem
#auth=esp
#auto=add
compress=no
pfs=yes
If anyone requires i will send the complete
/var/log/secure. Whats wrong in the configuration.
As both certificates got validated but in
STATE_MAIN_I3 it fails for invalid id .
why is that the pluto not able to find the public key.
If required i can send the complete conf and log files
of sentinel and freeswan.
Thanks
katro
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Thu Oct 24 2002 - 05:20:31 CEST