|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
[Design] a question about x509cert exchange
From: yli <yli(at)ict.ac.cn>
Date: Thu Mar 13 2003 - 04:59:29 EST
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design Received on Thu Mar 13 06:22:47 2003
Date: Thu Mar 13 2003 - 04:59:29 EST
Hello,
"no RSA public key known for (ip address of peer)"
ipsec.conf for host (10.10.10.112)
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
conn %default
keyingtries=1
compress=yes
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn one-one
right=10.10.10.114
rightid="####"
#don't install certificate of 10.10.10.114 in 10.10.10.12
#rightcert=x509cert_no3.der
# local host is left
left=10.10.10.112
leftcert=x509cert_no1.der
auto=add
pfs=yes
ipsec.conf for host (10.10.10.114)
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
conn %default
keyingtries=0
compress=yes
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn one-one
left=10.10.10.112
leftcert=x509cert_no1.der
right=10.10.10.114
rightcert=x509cert_no3.der
auto=add
pfs=yes
_______________________________________________
Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design Received on Thu Mar 13 06:22:47 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:57 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |