Tom

Tom Hendrickx wrote:
> Hey
> 
> Citeren Erich Titl <[EMAIL PROTECTED]>:
> 
>> Tom
>>
>> Tom Hendrickx wrote:
>>> Hi! thanks Charles for your reply, but I fear it didn't helped..
>>>
>>> the subnet for the roadwarrior I got from here : 
>>> http://wiki.openswan.org/index.php/Openswan/ExtrudedSubnetRoadWarrior
>> This example only shows an extruded subnet consisting of a _single_ 
>> address, not a subnet. _And_ it uses the %defaultroute and the %any 
>> as addresses for the right party, e.g. the road warrior. Now the keys 
>> in this case come from DNS, which might not be the case in your 
>> environment.
>>
> Indeed, I work with selfmade certificats and keys.. RSA keys made by tinyCA2

This should not be a problem.

> 
> 
>> Please have a look at the auth.log and/or ipsec barf to see what 
>> state your connection is in .
>>
> and looking at ipsec barf, the keys seems to be the problem..
> on both sides it says:
> loading secrets from "/etc/ipsec.secrets"
> "/etc/ipsec.secrets" line 2: unrecognized key format: client-key.pem

Well, there is a defined format for ipsec.secrets with X.509 
certificates. In my case it is

: RSA gatekeeper.key

> 
> and after this at the authentication, it's unable to find the key for 
> RSA Signature..

no surprise :-)

> 
> for configuring secrets I followed:
> http://leaf.sourceforge.net/doc/bucu-openswan.html
> 
> and in secrets I have : ": client-key.pem test"

This is wrong, see above.

> 
> for making my keys I followed:
> http://leaf.sourceforge.net/doc/bucu-tinyca.html
> 

Actually the original documentation is at openswan.org. I must admit it 
is kind of terse :-)

Some of the configuration stuff is difficult to come by, there is always 
http://www.freeswan.org/

cheers

Erich

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Reply via email to