From: martin f krafft (madduck_at_madduck.net)
Date: Wed Oct 30 2002 - 00:18:10 CET
> > This applies only if you load the certificate locally by
> > using
> >
> > [right|left]cert=
> >
> > In this case the distinguished subject name of the certificate is
> > automatically assigned to [right|left]id. This can be overrun
> > by a [right|left]id defining one of the subjectAltNames contained
> > in the certificate as the ID.
Still no dice. Now my config is like this:
conn %default
    authby=rsasig
    rightrsasigkey=%cert
    right=217.162.173.237
    rightsubnet=192.168.2.0/24
    rightnexthop=217.162.172.1
    leftrsasigkey=%cert
    left=80.218.18.6
    leftsubnet=192.168.1.0/24
    leftnexthop=80.218.16.1
    auto=start

conn leftside # on the left side only
    leftcert=private/fishbowl.dyn.madduck.net.pem
    rightid="C=CH, O=madduck.net, CN=albatros.dyn.madduck.net"

conn rightside # on the right side only
    rightcert=private/albatros.dyn.madduck.net.pem
    leftid="C=CH, O=madduck.net, CN=fishbowl.dyn.madduck.net"
but I still get the error:
left:
pluto[30165]: "gate-albatros" #9: Peer ID is ID_IPV4_ADDR: '217.162.173.237'
pluto[30165]: "gate-albatros" #9: Issuer CRL not found
pluto[30165]: "gate-albatros" #9: Issuer CRL not found
pluto[30165]: "gate-albatros" #9: no suitable connection for peer '217.162.173.237'
right:
pluto[22175]: "gate-albatros" #9: ignoring informational payload, type INVALID_ID_INFORMATION
pluto[22175]: "gate-albatros" #9: discarding duplicate packet; already STATE_MAIN_I3
What am I doing wrong?
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net_at_madduck
"the so-called lessons of history are for the most part
the rationalizations of the victors.
history is written by the survivors."
-- max lerner
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
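An added diagnostic example (not part of the original message and not FreeS/WAN code): it compares the ID type a peer presents in the pluto log with the ID types implied by the `leftid=`/`rightid=` settings in the config, using the lines from the message above as sample input. The `id_type` classification rules and all function names are assumptions made for this sketch.

```python
import ipaddress
import re

# Sample input copied from the message above (wrapped log lines joined).
CONF = '''
conn leftside
    leftcert=private/fishbowl.dyn.madduck.net.pem
    rightid="C=CH, O=madduck.net, CN=albatros.dyn.madduck.net"
'''
LOG = '''
pluto[30165]: "gate-albatros" #9: Peer ID is ID_IPV4_ADDR: '217.162.173.237'
pluto[30165]: "gate-albatros" #9: no suitable connection for peer '217.162.173.237'
'''

PEER_ID = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: Peer ID is (?P<type>ID_\w+): \'(?P<value>[^\']*)\'')
ID_PARAM = re.compile(
    r'^\s*(left|right)id\s*=\s*"?([^"#\n]+?)"?\s*(?:#.*)?$', re.M)

def id_type(value):
    """Classify a configured id string (simplified rules, an assumption)."""
    if "=" in value:                 # looks like a distinguished name
        return "ID_DER_ASN1_DN"
    if value.startswith("@"):
        return "ID_FQDN"
    if "@" in value:
        return "ID_USER_FQDN"
    try:
        ipaddress.IPv4Address(value)
        return "ID_IPV4_ADDR"
    except ValueError:
        return "UNKNOWN"

def configured_ids(conf):
    """Map each (parameter, value) found in the config to its ID type."""
    return {(side + "id", val.strip()): id_type(val.strip())
            for side, val in ID_PARAM.findall(conf)}

def mismatches(conf, log):
    """Peer IDs in the log whose type matches no configured id type."""
    wanted = sorted(set(configured_ids(conf).values()))
    return [(m["conn"], m["type"], m["value"], wanted)
            for m in PEER_ID.finditer(log) if m["type"] not in wanted]

if __name__ == "__main__":
    for conn, got, value, expected in mismatches(CONF, LOG):
        print(f"{conn}: peer sent {got} '{value}', config expects {expected}")
```

On the sample input it reports that the peer identified itself with an IPv4 address while the only configured ID is a distinguished name.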