Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 639 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

authentication x509 ip-address was changing

Krischeu
Dear NG,

does anyone know something about x509-certificates?
I was creating succesfully a tunnel from 192.168.22.x to 192.168.22.y.
After i recieved my external ip-adresses, i was changing the standardgateway eth4 to eth0 and i also changed the ip-addresses.

I can fire up the tunnel but it will not come up. It is still waiting and say to me " pending phase 2". If i changed the authentication from x509 to PSK it works great. So, routing and firewall-rules are ok - hopefully.

Really strange, because it works fine before i changed into offical ip-addresses. 

Is this a astaro-bug or have i to create new certificates and new signing ca?


This thread was automatically locked due to age.
  • 0
    Depends what is used in the X509 for VPN-ID. If it is the ip address, then off course the certifcate is not valid anymore, because the IP changed.
  • 0 in reply to NimmdirKeks
    Hi,
    I am using a standard x509-certificate. It is using Distinguish Name.
    If i am create a certificate the field "VPN ID: X509 DN" is empty!!!
    Every other field will be filled with Name, etc.

    This all was working bevore i changed the ip-address to offical one.
    Perhabs it could be a problem from a DNS-entry and Name-resolution.
    I do not really know, what in hell is inside the certificate. Perhabs the ip-address AND perhabs the real name of the firewall.

    So tomorrow i will see, because my provider creates nameentry for my ip-addresses.

    Do you have any more hints?
    Thanks in advance.
  • 0 in reply to Krischeu
    solved
    mtu is the problem
    by creating the encryption of the certificates to 1024 it is working.
Cookie Information Banner