 
 From:  JR <tiresias at gmail dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  racoon asn1dn identifier problem
 Date:  Mon, 12 May 2008 15:42:22 -0400
Hello,
I tried using the new asn1dn (RSA Cert Subject) identifier option on
my certificate based VPN (1.3b11), but it caused racoon to quit. It
seems that if you do not enter the DN (leave identifier blank) when
you select RSA Cert Subject, m0n0wall sets the asn1dn identifier as a
quoted, empty string in /var/etc/racoon.conf, which racoon does not
like.

May 12 11:40:06 	racoon: INFO: Reading configuration from "/var/etc/racoon.conf"
May 12 11:40:06 	racoon: ERROR: /var/etc/racoon.conf:91: """ failed to set identifer.
May 12 11:40:06 	racoon: ERROR: fatal parse failure (1 errors)

Specifying the identifier is optional with asn1dn, since "If string is
omitted, racoon(8) will get DN from Subject field in the certificate."
(man 5 racoon).

I have modified /etc/inc/vpn.inc to omit the quoted empty string when
the identifier type is asn1dn and no identifier is specified. A patch
is attached. I've tested this and it is working for me with explicit
or non-specified asn1dn identifier, as well as other identifier types
(FQDN).

JR
vpn.inc-fix_asn1dn_identifier-1.3b11.patch (1.7 KB, text/x-diff)
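The failure mode described above (a blank "RSA Cert Subject" identifier rendered as `my_identifier asn1dn "";`) and the fix (drop the string entirely so racoon reads the DN from the certificate's Subject) can be illustrated with a small config-line generator. The example below is added here and is not JR's patch or m0n0wall's vpn.inc; it is Python rather than the PHP of vpn.inc, and the function names (`identifier_line_buggy`, `identifier_line`, `has_empty_quoted_string`) and the sample DN and host names are hypothetical.

```python
"""Render racoon(8) identifier directives for a generated racoon.conf.

Added illustration of the bug report above (not m0n0wall code): a naive
generator quotes the identifier unconditionally, so an unset asn1dn
identifier becomes an empty quoted string that racoon refuses to parse.
The corrected generator omits the string when the type is asn1dn and no
value is given, matching racoon.conf(5): "If string is omitted, racoon(8)
will get DN from Subject field in the certificate."
"""

import re

KEYWORDS = ("my_identifier", "peers_identifier")
# Identifier types that require a value (hypothetical subset used here).
TYPES_REQUIRING_VALUE = ("fqdn", "user_fqdn", "keyid")


def identifier_line_buggy(keyword, id_type, value):
    """The behaviour the report describes: always emit a quoted string.

    With id_type="asn1dn" and value="" this yields 'my_identifier asn1dn "";',
    which racoon rejects with "failed to set identifer".
    """
    return f'{keyword} {id_type} "{value}";'


def identifier_line(keyword, id_type, value=""):
    """Emit a racoon identifier directive, omitting the string for a
    blank asn1dn identifier instead of writing an empty quoted string."""
    if keyword not in KEYWORDS:
        raise ValueError(f"unknown identifier keyword: {keyword!r}")
    value = value.strip()
    # racoon's quoted strings have no escape syntax we rely on here, so a
    # value containing a quote or newline would corrupt the config file.
    if '"' in value or "\n" in value:
        raise ValueError("identifier value must not contain '\"' or newline")

    if id_type == "asn1dn":
        if value == "":
            # racoon takes the DN from the certificate Subject in this case.
            return f"{keyword} asn1dn;"
        return f'{keyword} asn1dn "{value}";'

    if id_type in TYPES_REQUIRING_VALUE:
        if value == "":
            raise ValueError(f"{id_type} identifier requires a value")
        return f'{keyword} {id_type} "{value}";'

    raise ValueError(f"unsupported identifier type: {id_type!r}")


def has_empty_quoted_string(config_text):
    """Regression check for a generated racoon.conf: true if any line ends
    in an empty quoted string, the shape racoon fails on."""
    return re.search(r'\s""\s*;', config_text) is not None


if __name__ == "__main__":
    # Constructed sample: a certificate-based tunnel with a blank local DN
    # and an explicit peer DN (hypothetical names).
    peer_dn = "C=US, O=Example, CN=vpn.example.org"
    for line in (
        identifier_line_buggy("my_identifier", "asn1dn", ""),
        identifier_line("my_identifier", "asn1dn", ""),
        identifier_line("peers_identifier", "asn1dn", peer_dn),
        identifier_line("my_identifier", "fqdn", "gw.example.org"),
    ):
        print(f"{line:60s} empty-string bug: {has_empty_quoted_string(line)}")
```

Running the block prints the buggy and corrected `my_identifier` lines side by side; only the buggy one trips `has_empty_quoted_string`, which is the check a generator's test suite would run over the rendered racoon.conf before handing it to racoon.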