Tom

Tom Hendrickx wrote:
> Hey
>
> Quoting Erich Titl <[EMAIL PROTECTED]>:
>
>> Tom
>>
>> Tom Hendrickx wrote:
>>> Hi! thanks Charles for your reply, but I fear it didn't help..
>>>
>>> the subnet for the roadwarrior I got from here :
>>> http://wiki.openswan.org/index.php/Openswan/ExtrudedSubnetRoadWarrior
>> This example only shows an extruded subnet consisting of a _single_
>> address, not a subnet. _And_ it uses the %defaultroute and the %any
>> as addresses for the right party, e.g. the road warrior. Now the keys
>> in this case come from DNS, which might not be the case in your
>> environment.
>>
> Indeed, I work with self-made certificates and keys.. RSA keys made by tinyCA2

This should not be a problem.

>
>
>> Please have a look at the auth.log and/or ipsec barf to see what
>> state your connection is in.
>>
> and looking at ipsec barf, the keys seem to be the problem..
> on both sides it says:
> loading secrets from "/etc/ipsec.secrets"
> "/etc/ipsec.secrets" line 2: unrecognized key format: client-key.pem

Well, there is a defined format for ipsec.secrets with X.509 certificates. In my case it is : RSA gatekeeper.key

>
> and after this at the authentication, it's unable to find the key for
> RSA Signature.. no surprise :-)
>
> for configuring secrets I followed:
> http://leaf.sourceforge.net/doc/bucu-openswan.html
>
> and in secrets I have : ": client-key.pem test"

This is wrong, see above.

>
> for making my keys I followed:
> http://leaf.sourceforge.net/doc/bucu-tinyca.html
>

Actually the original documentation is at openswan.org. I must admit it is kind of terse :-) Some of the configuration stuff is difficult to come by, there is always http://www.freeswan.org/

cheers

Erich

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
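
An added example, not part of the original message and not LEAF or Openswan code: a small Python check for the mistake discussed in this thread, an ipsec.secrets entry whose first token after the colon is a file name instead of a key type. The function name, the sample file contents and the accepted type set (RSA, PSK, XAUTH, matched case-insensitively) are assumptions made for illustration.

```python
import re

# Secret types that may follow the colon (assumed set for this example).
KNOWN_TYPES = {"RSA", "PSK", "XAUTH"}

# The selector list ends at a colon that is followed by whitespace.
SEPARATOR = re.compile(r"(?:^|\s):\s+")

# Constructed sample file; line 2 is the entry quoted in the thread.
SAMPLE = """\
# /etc/ipsec.secrets (constructed sample)
: client-key.pem test
: RSA gatekeeper.key
@gw @rw : PSK "constructed-example-secret"
: RSA {
    # key material elided
    }
"""


def check_secrets(text):
    """Return (line_number, offending_token) for each entry with a bad type."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() or stripped.startswith("include "):
            continue  # continuation of a multi-line entry, or an include
        match = SEPARATOR.search(raw)
        if match is None:
            findings.append((number, ""))  # no selector/secret separator
            continue
        tokens = raw[match.end():].split()
        first = tokens[0] if tokens else ""
        if first.upper() not in KNOWN_TYPES:
            findings.append((number, first))
    return findings


if __name__ == "__main__":
    for number, token in check_secrets(SAMPLE):
        print(f"line {number}: unrecognized key format: {token!r}")
```

Only the entry without a type keyword is reported; the same key file written with `RSA` in front of it passes the check.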