 From:  JR <tiresias at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  certificate based IPSEC VPN
 Date:  Tue, 22 Jan 2008 15:11:25 -0500
Hello,

I have some new ALIX routers running 1.3b9 and I'm trying to set up
site-to-site certificate-based VPNs (using a CA cert). I was not able
to get this working at first because I kept having Vendor ID problems
that kept the tunnel from coming up no matter which identifiers I
chose. Searching the archives turned up questions from one other
person. Surely I'm not the second person ever to try to use the
certificate-based VPN feature, am I?
http://m0n0.ch/wall/list/showmsg.php?id=206/25
http://m0n0.ch/wall/list/showmsg.php?id=207/05

It does seem that racoon's asn1dn identifier option is necessary when
using certificate-based VPN. I hacked this change into my m0n0walls'
/var/etc/racoon.conf and the VPN came up right away. So is this the
only way to make it work?
These are the only options I changed in racoon.conf:

my_identifier asn1dn;
peers_identifier asn1dn;

If the asn1dn identifier is indeed required to make cert-based IPSEC
VPN work, I will be happy to implement the changes required to make
this configurable in the webgui, but first I want to make sure I'm not
completely wrong about this.

Thanks,
JR
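For context on what the two changed lines do inside a complete racoon remote block, here is an added, constructed racoon.conf fragment (not from the post or from m0n0wall's generated config). It goes a little beyond the post by also showing the verify_cert and verify_identifier directives that make the asn1dn identity actually enforce the certificate binding; the peer address, file names and DN are placeholders.

```conf
# Constructed racoon.conf fragment for a certificate-authenticated
# site-to-site tunnel. Peer address, file names and DN are placeholders.
path certificate "/var/etc";

remote 203.0.113.10 {
        exchange_mode main;

        # This gateway's own X.509 certificate and private key
        # (files are looked up relative to "path certificate").
        certificate_type x509 "local-cert.pem" "local-key.pem";

        # CA that must have issued the peer's certificate.
        ca_type x509 "ca-cert.pem";

        # With no string argument, racoon sends the subject DN of
        # local-cert.pem as the Phase 1 identity instead of an
        # address or FQDN, which is what the post found necessary.
        my_identifier asn1dn;

        # Expected subject DN of the remote gateway's certificate;
        # omit the string to accept whatever DN the peer's cert carries.
        peers_identifier asn1dn "C=US, O=Example Corp, CN=branch-gw.example.com";

        # Reject a peer whose certificate does not chain to ca-cert.pem.
        verify_cert on;

        # Reject a peer whose ID payload does not match the subject DN
        # of the certificate it presented (binds identity to the cert).
        verify_identifier on;

        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
}
```

With verify_identifier off, a peer holding any certificate signed by the CA could claim any DN in its ID payload; turning it on is what makes the asn1dn identity worth configuring.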