Hosting Provided By

Re: [Users] IPSec

From: Andreas Steffen <andreas.steffen(at)strongsec.net>
Date: Mon Sep 22 2003 - 02:14:12 EDT

Sukhbinder Singh wrote:
> dear mr.steffen,

The matching private key of the FreeS/WAN cert is missing. Please load it in /etc/ipsec.secrets via the command

: RSA freeswanKey.pem "optional 3DES password"

remove the default private key already present in ipsec.secrets.

> 000 Sep 22 13:21:26 2003, count: 2

this is not the XP cert but the CA cert which signed both the freeswan cert and the XP cert. Put the CA cert into /etc/ipsec.d/cacerts. Please make sure that the lifetime of the CA cert is longer than those of the host certs (which is not the case in your example). Otherwise XP will reject the freeswan cert.

The XP cert is not required on the freeswan gw. it will be received via the IKE negotiation.

Do you need help?

Regards

Andreas

> [root@localhost sslca]#

Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   
http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64

CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65

==========================================[strong internet security]===

_______________________________________________

FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr Received on Mon Sep 22 02:44:06 2003

This message: [ Message body ]
Next message: Sam Sgro: "Re: [Users] kernel crash with 2 ipsec interfaces"
Previous message: Axel Christiansen: "[Users] kernel crash with 2 ipsec interfaces"
In reply to Sukhbinder Singh: "Re: [Users] IPSec"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:34 EDT