Re: [Users] [QUESTION] IPsec

Martin Zwickel wrote:
> On Thu, 27 Mar 2003 22:44:51 +0100

>>Martin Zwickel wrote:
>>
>>
>>This is a bug in the X.509 patch 1.2.1 for freeswan-2.00-rc. I  have
>>released a single line fix on this list today.

Use the freshly released version 1.2.2 for freeswan-2.00-rc2.

>

>>>conn tt
>>># vpn server:
>>>        right=Y.Y.Y.Y
>>>        rightsubnet=192.168.1.0/255.255.255.0
>>>        rightrsasigkey=%cert
>>
>>Where is rightcert designating FreeS/WAN's own
>>certificate? The peer side will not be able to authenticate
>>you.

leftid is the expected ID of the peer

> what should i use as the rightcert?

rightcert is the certificate of the vpn server. It will be sent to the peer.

> do i have to install another cert on my side? and where can i get it

>>># my side:
>>>        left=X.X.X.X
>>>        leftsubnet=192.168.0.0/255.255.255.0
>>>        leftrsasigkey=%cert
>>>        leftid="/C=DE/ST=Thueringen/L=Augsburg/O=Technotrend
>>>AG/CN=Martin Zwickel/Email=martin.zwickel@technotrend.de"      
>>>        compress=yes
>>>        keyingtries=1
>>>        pfs=yes
>>

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

Regards

Andreas

Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   
http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64

==========================================[strong internet security]===


_______________________________________________