[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: [strongSwan] using RSA signatures and PSK on one strongswan
From: a.bertacca () vva ! de (Ariano Bertacca)
Date: 2004-05-17 15:43:20
Message-ID: 1084801273.3225.68.camel () grautvornix ! intern ! vva ! de
[Download RAW message or body]
Hi!
I managed to use PSK along with RSASIG authentication. Works perfectly.
If you set up your "conn %default" including your vpn routers cert (like
leftcert=blah.pem) you have to reset that when using PSK auth.
Like:
conn %default
leftcert=vpnrouter.pem
leftid="C=...
...
and:
conn remote-psk
leftcert=
leftid=123.123.123.123
authby=secret
...
as well as a proper ipsec.secrets file.
Maybe this is obvious to all of you - i wondered the first two or three
times when i got several messages telling me that no psk was found
(pluto was not looking for ID=IP instead looked for the certs DN as ID),
so i wanted to leave a hint for all that want to try this kind of
configuration.
Great piece of software!
Kind regards,
Ariano Bertacca
--
VVA Kommunikation
: medien mit zukunft
Ariano Bertacca | Systemmanagement | Netzwerktechnik | IT-Security
VVA Kommunikation
H?herweg 278 | 40231 D?sseldorf
fon: 0211 7357-834 | fax: 0211 7357-859
a.bertacca@vva.de
PGP KeyID: 0x081E5E62
PGP Fingerprint: EAD0 4BAD 0819 5079 96AC 3DC4 CB54 F02F 081E 5E62
-----------------------------------------------------------------------
Any opinions expressed in this message are those of the individual
and not necessarily the company. This message and any files transmitted
with it are confidential and solely for the use of the intended
recipient. If you are not the intended recipient or the person
responsible for delivering to the intended recipient, be advised that
you have received this message in error and that any use is strictly
prohibited.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic