 From:  "Naber, Peter" <peter dot naber at alfa dot de>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  X509 Tunnel m0n0wall to openswan
 Date:  Fri, 7 Oct 2005 16:29:53 +0200
Hi,

I am trying to build a tunnel between m0n0wall and openswan IPsec with X509 certificates.
I have a problem with the identifier.
I tried domain and FQDN as an identifier, but the items are different:
What can I do?

regards,

Peter Naber

------------- cut here ---------------------

Logfile of openswan ipsec:

Oct  7 15:11:53 lnx pluto[32311]: |    match_id a=@alfa.test.org
Oct  7 15:11:53 lnx pluto[32311]: |             b=C=DE, ST=Hessen, L=Frankfurt, O=alfa-it Systems GmbH, OU=System House, CN=alfa.test.org, SN=5
Oct  7 15:11:53 lnx pluto[32311]: |    results  fail


-------- openswan ipsec config -----------
conn x509test
       type=tunnel
       authby=rsasig
       keyingtries=0
       left=xx.xx.xx.xx
       leftsubnet=xx.xx.xx.xx/255.255.255.0
       leftrsasigkey=%cert
       right=%any
       rightid="C=DE, ST=Hessen, L=Frankfurt, O=alfa-it Systems GmbH, OU=System House, CN=alfa.test.org/emailAddress=peter dot naber at xx dot de"
       rightrsasigkey=%cert
       rightcert=/etc/ipsec.d/certs/alfa.pem
       keylife=2h
       ikelifetime=1h
       ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
       esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
       auto=add
       pfs=yes