List: openswan-dev
Subject: Re: [Openswan dev] Pluto respawns with rightid=%fromcert
From: Tuomo Soini <tis () foobar ! fi>
Date: 2008-12-11 17:53:25
Message-ID: 49415395.5050404 () foobar ! fi
Nicolas Bellido Y Ortega wrote:
> On Thursday 11 December 2008 17:44:17 Tuomo Soini wrote:
>> Nicolas Bellido Y Ortega wrote:
>>> conn left-right-vpn
>>>     left=10.0.5.83
>>>     leftcert=/etc/ipsec.d/certs/leftCert.pem
>>>     leftsendcert=always
>>>     right=%any
>>>     rightca=%any
>>>     rightid=%fromcert
>>>     auto=add
>> This config is totally wrong but it looks like config-parser will accept
>> it (wrongly). right=%any and rightid=%fromcert is an invalid combination.
>> Fromcert can only load id from locally stored certificate!
>
> Let's see:
>
> conn left-right-vpn
>     left=10.0.5.83
>     leftcert=/etc/ipsec.d/certs/leftCert.pem
>     leftsendcert=always
>     rightid=%fromcert
>     rightca=%any
>     auto=add

What you want is leftid=%fromcert,
NOT rightid=%fromcert.

You want to set rightid="<subject of right certificate here>"

I already told you that you can only use rightid=%fromcert together with
rightcert=rightCert.pem

--
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
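
The rule stated in the message above (`rightid=%fromcert` only together with `rightcert=`, and likewise for the left side) can be checked before a config is loaded. The following Python lint is an added example, not part of the original message and not Openswan code. It assumes a lenient reading of `ipsec.conf` (indentation ignored, `also=` and `conn %default` inheritance not resolved); the `fixed-example` conn and its subject DN are constructed placeholders.

```python
import re

SIDES = ("left", "right")

# Constructed sample: the first conn is the one quoted in the thread,
# the second is a hypothetical corrected form following the reply.
SAMPLE = """
conn left-right-vpn
    left=10.0.5.83
    leftcert=/etc/ipsec.d/certs/leftCert.pem
    leftsendcert=always
    right=%any
    rightca=%any
    rightid=%fromcert
    auto=add

conn fixed-example
    left=10.0.5.83
    leftcert=/etc/ipsec.d/certs/leftCert.pem
    leftid=%fromcert
    right=%any
    rightid="CN=placeholder-right-subject"
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        header = re.fullmatch(r"(conn|config)\s+(\S+)", line)
        if header:  # a new section starts; only 'conn' sections are collected
            current = conns.setdefault(header.group(2), {}) if header.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def lint_fromcert(text):
    """Flag <side>id=%fromcert when no local <side>cert is configured."""
    findings = []
    for name, params in parse_conns(text).items():
        for side in SIDES:
            if params.get(side + "id") == "%fromcert" and not params.get(side + "cert"):
                findings.append((name, side, f"{side}id=%fromcert without {side}cert"))
    return findings

if __name__ == "__main__":
    for finding in lint_fromcert(SAMPLE):
        print(finding)
```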