Xia Weizhong wrote:
> Hi Andreas
>
> After checking the sqlite howto and the example you mentioned, I still got
> several questions. Can you help?
>
> For id type 9 ID_DER_ASN1_DN, I understand I can get it by "openssl x509
> -subject". The fields I get in my result include: C, ST, L, O, CN and
> something like emailaddress=foo...@somthing.
> So my question: Do I need to include all the fields, or just those listed
> in the example (means C, O, CN)?
Yes, you must include all the fields in the same order as openssl x509
-subject lists them.
> For the emailAddress thing, how to pass that
> to id2sql? use E=...?
>
emailAddress= is recognized by the id2sql parser.
> For the private keys and certificates, there is no explanation. From the
> example, I guess I just put that in DER format then insert it into the
> database?
Yes, certificates and private key files must be converted into DER
format first and then the bin2sql tool can be used:

    cat cert.der | scripts/bin2sql
    cat key.der | scripts/bin2sql

>
> For the tables ike_configs, peer_configs, child_configs, can you explain
> the purpose of these tables?

    INSERT INTO ike_configs (
      local, remote
    ) VALUES (
      '192.168.0.100', '192.168.0.1'
    );

as you can see, the IP addresses of local and remote peers must
be given in ASCII string form.

    INSERT INTO peer_configs (
      name, ike_cfg, local_id, remote_id
    ) VALUES (
      'home', 1, 3, 5
    );

here the name of the IKE_SA connection configuration is given
and the ike_config as well as the local and remote ID
definitions are referenced.

    INSERT INTO child_configs (
      name, updown
    ) VALUES (
      'home', 'ipsec _updown iptables'
    );

this defines the name of the CHILD_SA connection configuration
and an optional firewall script to be called when the CHILD_SA
has been successfully established.

    INSERT INTO peer_config_child_config (
      peer_cfg, child_cfg
    ) VALUES (
      1, 1
    );

this assigns CHILD_SAs to an IKE_SA.

> In the example, it says INSERT INTO ike_configs (local, remote)
> VALUES('PH_IP_CAROL', 'PH_IP_MOON');
PH_IP_CAROL and PH_IP_MOON are replaced by the actual IP address
strings '192.168.0.100' and '192.168.0.1' before the uml scenario is
run. Have a look at the following SQL file where the replacements have
been done:
http://www.strongswan.org/uml/testresults43/sql/rw-cert/carol.ipsec.sql
> I don't find any definition for PH_IP_CAROL, PH_IP_MOON, can you explain
> what it is?
>
> thanks, Xia Weizhong
>
Best regards
Andreas
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
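
Why every field and its order matter for ID type 9 (ID_DER_ASN1_DN), as an added example that is not part of the original message and is not strongSwan's id2sql: a DER-encoded DN is an ordered sequence of RDNs, so dropping or reordering a field yields different bytes. The sample subjects, the function names and the string types (IA5String for emailAddress, PrintableString otherwise) are assumptions; a certificate may encode its values with other string types.

```python
# Added example (not strongSwan's id2sql): DER-encode a distinguished name
# given as "K=V, K=V" text and render it as an SQLite blob literal.
OIDS = {  # attribute type OIDs from X.520 and PKCS#9
    "C": "2.5.4.6", "ST": "2.5.4.8", "L": "2.5.4.7", "O": "2.5.4.10",
    "OU": "2.5.4.11", "CN": "2.5.4.3",
    "emailAddress": "1.2.840.113549.1.9.1",
}

def tlv(tag, body):
    """Return a DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def oid(dotted):
    """Encode a dotted OID; arcs after the second use base-128 digits."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def dn_to_der(subject):
    """Name ::= SEQUENCE OF RDN; each RDN here is a SET with one attribute.
    Values that contain ',' are not handled by this simple parser."""
    rdns = b""
    for part in subject.split(","):
        key, _, value = (s.strip() for s in part.partition("="))
        # Assumption: IA5String for emailAddress, PrintableString otherwise.
        tag = 0x16 if key == "emailAddress" else 0x13
        attr = tlv(0x30, oid(OIDS[key]) + tlv(tag, value.encode("ascii")))
        rdns += tlv(0x31, attr)
    return tlv(0x30, rdns)

def sql_blob(der):
    return "X'" + der.hex() + "'"

if __name__ == "__main__":
    # Constructed sample subjects: same fields, different order.
    full = "C=CH, O=Example Org, CN=carol, emailAddress=carol@example.org"
    swapped = "O=Example Org, C=CH, CN=carol, emailAddress=carol@example.org"
    print(sql_blob(dn_to_der(full)))
    print(dn_to_der(full) == dn_to_der(swapped))  # order changes the bytes
```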
