Hello All, I'm hitting a problem trying to use shrewsoft w/ RSA certs. Is there a step-by-step guide (most importantly including the shrewsoft config) for doing RSA?
I've rolled my own CA and signed out some certs. I use the OU in the RDN to distinguish roles: OU=Server just for servers, OU=Client for normal clients and OU=Admin for administrative clients (may get additional routing permissions to connect to private nets behind the servers).

So, I did a minimalistic setup on the shrewsoft client. The only things I configured are:

1. FQDN of the server to connect to
2. Selected Mutual RSA
3. Local identity - ASN.1, using the subject of the cert (openswan is set to use the subject to determine the connection permission)
4. Remote ID - 'any' (just in case this is causing the problem)
5. Credentials - I loaded the ca.pem, and the client's .crt and .key. I switch around and use pkcs12, pem, you name it, doesn't matter.

(Did I miss anything?)

When I tell it to connect, this is the output I get:

config loaded for site 'vhost5.csrtechnologies.com'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
*server cert config failed*
detached from key daemon ...

Why is it hitting me w/ server cert config failed? When I look in the documentation there's a lot of "this is how ipsec and rsa works" but I'm not seeing any "this is how you configure the client".

Thanks for any and all help.
