Hi!
I'm just trying to set up a Linux box with FreeS/WAN + X.509 Patch as a VPN client (connecting to an Astaro 3.2 box).
I created a Root CA, signed a certificate for the Astaro box and made it the local X.509 key.
Now I signed a certificate for my Linux client and assigned it to a connection.
My local ipsec.conf:
-------------------SNIP------------------------------
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=0
    compress=yes
    #disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    left=194.xx.xx.9
    leftsubnet=194.xx.xx.9/255.255.255.xx
    also=roadwarrior

conn roadwarrior
    left=194.xx.xx.9
    #leftid="hage@krankikom.de"
    leftcert=firewall.pem
    right=%defaultroute
    rightcert=patrick.pem
    auto=add
    pfs=yes
-------------------SNIP------------------------------
"firewall.pem" is the Astaro box's certificate, "patrick.pem" is the certificate I assigned to the connection.
When I try to connect, the VPN box logs the following:
Sep 17 18:42:31 dmz-firewall Pluto[9289]: "patrick_1" 80.xx.xx.xx #30: X.509 certificate rejected
Sep 17 18:42:31 dmz-firewall Pluto[9289]: "patrick_1" 80.xx.xx.xx #30: no suitable connection for peer 'C=de, ST=NRW, L=Duisburg, O=Krankikom GmbH, OU=Technik, CN=hage@krankikom.de, E=hage@krankikom.de'
My local box logs the following; I don't think it's a related problem:
Sep 17 19:06:28 cube ipsec__plutorun: ipsec_auto: error in "roadwarrior-net": (/etc/ipsec.conf, line 23) duplicated parameter "left"
(If I remove the "left" parameter from either "roadwarrior" or "roadwarrior-net" it produces an error like "parameter 'left' missing".)
I'm using FreeS/WAN Version 1.91 including X.509 patch (Version 0.9.2)
(installed from rpm found at http://www.suse.de/~garloff/linux/FreeSWAN/ )
Any help would be appreciated!
Regards,
Patrick