I have some new ALIX routers running 1.3b9 and I'm trying to set up
site-to-site certificate-based VPNs (using a CA cert). I was not able
to get this working at first because I kept having Vendor ID problems
that kept the tunnel from coming up no matter which identifiers I
chose. Searching the archives turned up questions from one other
person. Surely I'm not the second person ever to try to use the
certificate based VPN feature am I?
It does seem that racoon's asn1dn identifier option is necessary when
using a certificate-based VPN. I hacked this change into my m0n0walls'
/var/etc/racoon.conf and the VPN came up right away. So is this the
only way to make it work?
These are the only options I changed in racoon.conf:
If the asn1dn identifier is indeed required to make cert-based IPsec
VPN work, I will be happy to implement the changes required to make
this configurable in the webgui, but first I want to make sure I'm not
completely wrong about this.
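For readers following this thread, the kind of racoon.conf remote block the post is talking about, as an added illustration (this is not the poster's actual configuration, which is not reproduced above, and not m0n0wall's generated file). The peer address, the file names and the proposal are assumptions chosen for the example; the relevant lines are the two identifier settings, which tell racoon to use the certificate's subject DN (asn1dn) as the IKE identity instead of an address or FQDN:

```conf
# Added example: one remote block for a site-to-site tunnel with
# X.509 certificate authentication (rsasig). Assumed values:
# peer address 203.0.113.5, certificate/key/CA file names.
remote 203.0.113.5 {
        exchange_mode main;
        # certificate_type: this gateway's cert and key, relative to path certificate
        certificate_type x509 "gw-a.crt" "gw-a.key";
        # ca_type: the CA that issued both gateways' certificates
        ca_type x509 "ca.crt";
        verify_cert on;
        # The settings the post says made the tunnel come up:
        # send and expect the certificate subject DN as the IKE identifier
        my_identifier asn1dn;
        peers_identifier asn1dn;
        verify_identifier on;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
}
```

With asn1dn set and verify_identifier on, the peer's ID payload must match the subject DN of the certificate it presents; if both gateways are instead configured with address or fqdn identifiers that do not match the certificate subject, the phase 1 identity check fails and the tunnel never comes up, which is consistent with the symptom described in the post.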