Re: [Users] Re: (racoon 33) Phase1 Problem

Authentication based on certificates is successful on the FreeS/WAN side.

 >>Feb 20 12:30:54 doufu Pluto[28218]: "darkelf" #945: Peer ID is
 >>ID_DER_ASN1_DN: 'C=CA, ST=Quebec, O=IPv6 Peer, OU=NOC - Head of unwanted
 >>packets, CN=hellraiser.ipv6peer.net, E=fuzzball@ipv6peer.net'
 >>Feb 20 12:30:54 doufu Pluto[28218]: "darkelf" #945: sent MR3, ISAKMP SA
 >>established

but Racoon does not seem to receive message MR3 containing FreeS/WAN's ID, certificate and signature (or the error is hidden in "lots of debug".

 >>
 >>.... lots of debug ...
 >>
 >>2003-02-20 08:46:57: DEBUG: isakmp.c:1449:isakmp_ph1resend(): resend
 >>phase1 packet 7f8cc37a4aef36c4:60dfab2b2ec8cd28

How large is FreeS/WAN's certificate? IP fragmentation might be the reason that MR3 gets lost on the way.

Regards

Andreas

Shoichi Sakane wrote:

> does frees/wan implementation support a x509 certificate ?
> 
> 

> 
> _______________________________________________
> Users mailing list
> Users@lists.freeswan.org
> 
http://lists.freeswan.org/mailman/listinfo/users

-- 
=======================================================================
Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   
http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===

_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users