This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

x509 problem

asta1 static
asta2 dynamic

i want to create a tunnel with x509 between asta1 and asta2.
asta1 i have configured as shown in the documentation. but how to configure a second astaro its not showing. so i tried some things my self but dont get it working. with a client with ssh sentinel i can make a connection to asta1. is there any docu for this second part to.

This thread was automatically locked due to age.

0 orhan over 22 years ago

nobody with experience about this???? still dont got it working. psk works great but i want to switch to x509.
Cancel
Vote Up 0 Vote Down

Cancel
0 bagira over 22 years ago

orhan,
firstly you have to create a signing CA on one of your ASLs. Then create a certificate for each ASL on the same box, and issue that with the signing CA.
After downloading the certificate for ASL2 (remote) and the CA as ".der", you have to import the certificate and the local key of your CA into the ASL2. The CA appaers as a verification CA in ASL2.
Furthemore, define the local key on each ASL, while selecting the certificate.
In the remote key section define a new remote key with the vpn identifier, you filled in by creating the certificate. To finish your VPN, define a new connection on both ASLs.
Cancel
Vote Up 0 Vote Down

Cancel
0 orhan over 22 years ago in reply to bagira

at the moment i have ipsec with PSK. should i delete those connections first.
Cancel
Vote Up 0 Vote Down

Cancel