Hello,

I have some new ALIX routers running 1.3b9 and I'm trying to set up site-to-site certificate-based VPNs (using a CA cert). I was not able to get this working at first because I kept having Vendor ID problems that kept the tunnel from coming up no matter which identifiers I chose.

Searching the archives turned up questions from one other person. Surely I'm not the second person ever to try to use the certificate-based VPN feature, am I?

http://m0n0.ch/wall/list/showmsg.php?id=206/25
http://m0n0.ch/wall/list/showmsg.php?id=207/05

It does seem that racoon's asn1dn identifier option is necessary when using certificate-based VPN. I hacked this change into my m0n0walls' /var/etc/racoon.conf and the VPN came up right away. So is this the only way to make it work?

These are the only options I changed in racoon.conf:

    my_identifier asn1dn;
    peers_identifier asn1dn;

If the asn1dn identifier is indeed required to make cert-based IPSEC VPN work, I will be happy to implement the changes required to make this configurable in the webgui, but first I want to make sure I'm not completely wrong about this.

Thanks,
JR