From: Phill Ashworth (admin_at_dwvc.org)
Date: Fri Nov 08 2002 - 08:16:00 CET
Hi
I'm having some problems getting a standard FreeS/WAN install to talk
to x509 (0.9.14) enabled FreeS/WAN.
I have searched around but I don't fully understand how to set this up
and I've not managed to configure a suitable connection in the
ipsec.conf file. I can't get past 'no suitable connection for peer',
'STATE_MAIN_R2 failed: INVALID_ID_INFORMATION'.
I've added 'nocrsend=yes' to the x509 enabled gateway and I have 2 host
keys in ipsec.secrets, one in PKCS#1 file format loaded with : RSA <my
keyfile> and the other as a raw rsa key.
: RSA {
# RSA 2192 bits txvpn.mydomain .......
Is this correct, will x509 FreeS/WAN load both keys?
I also get the following when freeswan starts and loads the connection
definition:
pluto[16184]: no subjectAltName matches ID '@ txvpn.mydomain', replaced by subject DN
In the connection I have pasted the raw host keys and the corresponding
id.

conn myconn
    ....
    # Standard FreeS/WAN
    right=81.xx.xx.xx
    rightid=@goldfinger.smersh.casa
    rightrsasigkey=0sAQOWOpY.....
    ....
    # x509 FreeS/WAN
    left=62.xx.xx.xx
    leftid=@txvpn.mydomain
    leftrsasigkey=0sAQOg6BB....

txvpn pluto[16664]: "rw_nat1"[1] 81.xx.xx.xx #1: Peer ID is ID_FQDN: '@goldfinger.smersh.casa'
txvpn pluto[16664]: "rw_nat1"[1] 81.xx.xx.xx #1: no suitable connection for peer '@goldfinger.smersh.casa'
txvpn pluto[16664]: | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION

I would really appreciate some suggestions.
Thanks
Phill Ashworth