Re: [Users] Multiple RWs with X.509

With roadwarrior connectios (i.e. with right=%any) it is normal behaviour that an arbitrary roadwarrior connection is chosen when a roadwarrior starts initiating. As soon as the ID is received from the roadwarrior in message MI3 a switch is made to the correct connection (in your case from wall-albatros to fishbowl-albatross).

The error

"wall-albatross" xxx.xx.xx.xx #2193: no suitable connection for peer 'C=CH, ST=ZH, L=Zurich, O=madduck.net, ... rwB'

means that ipsec auto --status does not show a connection with that ID. This may be due to an error that occured when the connection definition "fishbowl-albatross" was loaded on the gateway during Pluto startup. So please check if "fishbowl-albatross" shows up in ipsec auto -status and matches character-per-character with the Peer ID.

Regards

Andreas

martin f krafft wrote:
> I am using the X.509 patch and trying to allow multiple RWs to connect

-- 
=======================================================================
Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   
http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===


_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek