I could be wrong in my assumption, but I cannot seem to get this to work for me and this error will not disappear while my problem continues.

I'm trying to get a RoadWarrior setup for an Android L2TP/IPSec VPN. I had it working at one time on my LAN but failed getting through the pf firewall, so I stowed it while I was required to work on something else; unfortunately I lost the working config somehow (I think? This could be just the bug) and I had to start again. No biggie, as I pulled the info off the net before, so I could do it again.

I recreated some new certificates (the old ones I used to test had expired; I only gave them a very short life for security reasons), and recreated what I thought I had before using xca (same as previously). These include the mandatory SAN: I use email:copy to set this.

No amount of googling has helped my investigations; everything is still basically the same age as when I first set this up. But racoon insists the SAN is unavailable now. I've also tried turning off verify identity, but in spite of that it says the certificates don't match because of empty certificate requests; it would seem that it is still looking for the SAN even though it no longer says so. Googling also verifies that racoon _requires_ SAN to be set to work.

I've tried other SAN types, but they don't seem to work either. A check on the certificate shows that it _is_ actually there on all the certificates, but racoon must be blind or something :)

Can anyone shed some light on this? Has racoon developed a bug on this at some time?

FWIW racoon won't even pass phase1, so I'd assume it is not working because of this problem.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
