 From:  JR <tiresias at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  certificate based IPSEC VPN
 Date:  Tue, 22 Jan 2008 15:11:25 -0500

I have some new ALIX routers running 1.3b9 and I'm trying to set up
site-to-site certificate-based VPNs (using a CA cert). I was not able
to get this working at first because I kept having Vendor ID problems
that kept the tunnel from coming up no matter which identifiers I
chose. Searching the archives turned up questions from one other
person. Surely I'm not the second person ever to try to use the
certificate-based VPN feature, am I?

It does seem that racoon's asn1dn identifier option is necessary when
using certificate based VPN. I hacked this change into my m0n0walls'
/var/etc/racoon.conf and the VPN came up right away. So is this the
only way to make it work?
These are the only options I changed in racoon.conf:

my_identifier asn1dn;
peers_identifier asn1dn;

If the asn1dn identifier is indeed required to make cert-based IPSEC
VPN work, I will be happy to implement the changes required to make
this configurable in the webgui, but first I want to make sure I'm not
completely wrong about this.
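For readers following the question above, here is an added example (not from the poster and not m0n0wall's generated configuration) of what a complete racoon.conf "remote" block for a certificate-based site-to-site tunnel looks like once the two asn1dn identifier lines are in place. The peer address 203.0.113.1, the file names local.crt, local.key and ca.crt, and the proposal parameters are assumed placeholders; the directive names are the standard ones from racoon.conf(5) in ipsec-tools.

```conf
# Added example: certificate-based IKE phase 1 in racoon.conf.
# Peer address and file names are placeholders, not taken from the post.
path certificate "/var/etc";

remote 203.0.113.1 {
        exchange_mode main;

        # Our own certificate and private key, and the CA that signed
        # the peer's certificate.
        certificate_type x509 "local.crt" "local.key";
        ca_type x509 "ca.crt";

        # Send and expect the X.509 subject DN as the IKE identity.
        # This is the change the post describes; with address or fqdn
        # identifiers the ID payload does not match what the
        # certificate asserts, and phase 1 fails.
        my_identifier asn1dn;
        peers_identifier asn1dn;

        # Check the peer certificate against ca.crt, and require that
        # the ID the peer sends matches its certificate's subject DN.
        # Without these two lines a valid-looking certificate from any
        # issuer, or a mismatched identity, could still complete phase 1.
        verify_cert on;
        verify_identifier on;

        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
}
```

The security-relevant pair here is verify_cert and verify_identifier: asn1dn alone only fixes the identity mismatch that keeps the tunnel down, while these two directives are what actually bind the tunnel to the CA and to the specific subject DN in the peer's certificate. If this is made configurable in the webgui, it is worth exposing both rather than the identifier type on its own.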