Hi Andreas,

Thanks for all the support so far.

I am trying to duplicate the UML test in a native environment. Then I tried
to manually start up ipsec on the road warrior by

    /etc/init.d/ipsec start
    /etc/init.d/ipsec up home

then ipsec reports "up" is not supported. Where am I going wrong?

thanks,
Xia Weizhong

2010/1/28 Andreas Steffen <[email protected]>

> Xia Weizhong wrote:
> > Hi Andreas
> >
> > After checking the sqlite howto and the example you mentioned, I still
> > have several questions. Can you help?
> >
> > For id type 9 ID_DER_ASN1_DN, I understand I can get it by "openssl x509
> > -subject". The fields I get in my result include: C, ST, L, O, CN and
> > something like emailaddress=foo...@somthing.
> > So my question: Do I need to include all the fields, or just those listed
> > in the example (meaning C, O, CN)?
>
> Yes, you must include all the fields in the same order as openssl x509
> -subject lists them.
>
> > For the emailAddress thing, how do I pass that
> > to id2sql? Use E=...?
> >
> emailAddress= is recognized by the id2sql parser.
>
> > For the private keys and certificates, there is no explanation. From the
> > example, I guess I just put that in DER format then insert it into the
> > database?
>
> Yes, certificates and private key files must be converted into DER
> format first and then the bin2sql tool can be used:
>
>   cat cert.der | scripts/bin2sql
>
>   cat key.der | scripts/bin2sql
>
> > For the tables ike_configs, peer_configs, child_configs, can you explain
> > the purpose of these tables?
>
>   INSERT INTO ike_configs (
>     local, remote
>   ) VALUES (
>     '192.168.0.100', '192.168.0.1'
>   );
>
> as you can see, the IP addresses of local and remote peers must
> be given in ASCII string form.
>
>   INSERT INTO peer_configs (
>     name, ike_cfg, local_id, remote_id
>   ) VALUES (
>     'home', 1, 3, 5
>   );
>
> here the name of the IKE_SA connection configuration is given
> and the ike_config as well as the local and remote ID
> definitions are referenced.
>
>   INSERT INTO child_configs (
>     name, updown
>   ) VALUES (
>     'home', 'ipsec _updown iptables'
>   );
>
> this defines the name of the CHILD_SA connection configuration
> and an optional firewall script to be called when the CHILD_SA
> has been successfully established.
>
>   INSERT INTO peer_config_child_config (
>     peer_cfg, child_cfg
>   ) VALUES (
>     1, 1
>   );
>
> this assigns CHILD_SAs to an IKE_SA.
>
> > In the example, it says INSERT INTO ike_configs (local, remote)
> > VALUES('PH_IP_CAROL', 'PH_IP_MOON');
>
> PH_IP_CAROL and PH_IP_MOON are replaced by the actual IP address
> strings '192.168.0.100' and '192.168.0.1' before the uml scenario is
> run. Have a look at the following SQL file where the replacements have
> been done:
>
> http://www.strongswan.org/uml/testresults43/sql/rw-cert/carol.ipsec.sql
>
> > I don't find any definition for PH_IP_CAROL, PH_IP_MOON, can you explain
> > what it is?
> >
> > thanks,
> > Xia Weizhong
> >
>
> Best regards
>
> Andreas
>
> ======================================================================
> Andreas Steffen                         [email protected]
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
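
The table relationships described in the quoted reply, as an added example that is not part of the original thread and not strongSwan's own code: it loads the four INSERT statements into an in-memory SQLite database, follows the references for 'home', and reports peer configs whose references point at no row. The reduced schema, the identities table layout, the helper names and the placeholder identity data are assumptions.

```python
import sqlite3

# Reduced schema: only the columns used in the INSERT statements quoted above.
# The identities table is an assumption; strongSwan's real schema is larger.
SCHEMA = """
CREATE TABLE identities (id INTEGER PRIMARY KEY, type INTEGER, data BLOB);
CREATE TABLE ike_configs (id INTEGER PRIMARY KEY, local TEXT, remote TEXT);
CREATE TABLE peer_configs (id INTEGER PRIMARY KEY, name TEXT, ike_cfg INTEGER,
                           local_id INTEGER, remote_id INTEGER);
CREATE TABLE child_configs (id INTEGER PRIMARY KEY, name TEXT, updown TEXT);
CREATE TABLE peer_config_child_config (peer_cfg INTEGER, child_cfg INTEGER);
"""

def build_db(identity_ids=(3, 5)):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed placeholder identities; real rows hold DER-encoded DNs (type 9).
    db.executemany("INSERT INTO identities (id, type, data) VALUES (?, 9, ?)",
                   [(i, b"placeholder-dn-%d" % i) for i in identity_ids])
    db.execute("INSERT INTO ike_configs (local, remote) VALUES (?, ?)",
               ("192.168.0.100", "192.168.0.1"))
    db.execute("INSERT INTO peer_configs (name, ike_cfg, local_id, remote_id) "
               "VALUES ('home', 1, 3, 5)")
    db.execute("INSERT INTO child_configs (name, updown) "
               "VALUES ('home', 'ipsec _updown iptables')")
    db.execute("INSERT INTO peer_config_child_config (peer_cfg, child_cfg) "
               "VALUES (1, 1)")
    return db

def resolve(db, name):
    """Follow the references from a peer config to its IKE endpoints and CHILD_SAs."""
    return db.execute("""
        SELECT i.local, i.remote, c.name, c.updown
        FROM peer_configs p
        JOIN ike_configs i ON i.id = p.ike_cfg
        JOIN peer_config_child_config pc ON pc.peer_cfg = p.id
        JOIN child_configs c ON c.id = pc.child_cfg
        WHERE p.name = ?""", (name,)).fetchall()

def dangling(db):
    """List peer configs whose ike_cfg, local_id or remote_id points at no row."""
    return db.execute("""
        SELECT p.name, i.id IS NULL, l.id IS NULL, r.id IS NULL
        FROM peer_configs p
        LEFT JOIN ike_configs i ON i.id = p.ike_cfg
        LEFT JOIN identities l ON l.id = p.local_id
        LEFT JOIN identities r ON r.id = p.remote_id
        WHERE i.id IS NULL OR l.id IS NULL OR r.id IS NULL""").fetchall()
```

Each row from `dangling` carries three flags (ike_cfg, local_id, remote_id); a 1 marks the reference that has no matching row.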
