Thanks a lot Erich :) You made my day!

It was just adding the word "RSA" in /etc/ipsec.secrets, and connection 
is established :)

One other question for general understanding though.. On the leaf 
system a separate interface is brought up ipsec0
and on my other pc it's just eth0 which is being used, making it 
useless for its former connection with the leaf system..
So no more pinging or ssh connection is possible..

Tom

Quoting Erich Titl <[EMAIL PROTECTED]>:

> Tom
>
> Tom Hendrickx wrote:
>> Hey
>>
>> Quoting Erich Titl <[EMAIL PROTECTED]>:
>>
>>> Tom
>>>
>>> Tom Hendrickx wrote:
>>>> Hi! thanks Charles for your reply, but I fear it didn't help..
>>>>
>>>> the subnet for the roadwarrior I got from here : 
>>>> http://wiki.openswan.org/index.php/Openswan/ExtrudedSubnetRoadWarrior
>>> This example only shows an extruded subnet consisting of a _single_ 
>>> address, not a subnet. _And_ it uses the %defaultroute and the %any 
>>> as addresses for the right party, e.g. the road warrior. Now the 
>>> keys in this case come from DNS, which might not be the case in 
>>> your environment.
>>>
>> Indeed, I work with self-made certificates and keys.. RSA keys made by tinyCA2
>
> This should not be a problem.
>
>>
>>
>>> Please have a look at the auth.log and/or ipsec barf to see what 
>>> state your connection is in.
>>>
>> and looking at ipsec barf, the keys seem to be the problem..
>> on both sides it says:
>> loading secrets from "/etc/ipsec.secrets"
>> "/etc/ipsec.secrets" line 2: unrecognized key format: client-key.pem
>
> Well, there is a defined format for ipsec.secrets with X.509 
> certificates. In my case it is
>
> : RSA gatekeeper.key
>
>>
>> and after this at the authentication, it's unable to find the key 
>> for RSA Signature..
>
> no surprise :-)
>
>>
>> for configuring secrets I followed:
>> http://leaf.sourceforge.net/doc/bucu-openswan.html
>>
>> and in secrets I have : ": client-key.pem test"
>
> This is wrong, see above.
>
>>
>> for making my keys I followed:
>> http://leaf.sourceforge.net/doc/bucu-tinyca.html
>>
>
> Actually the original documentation is at openswan.org. I must admit 
> it is kind of terse :-)
>
> Some of the configuration stuff is difficult to come by, there is 
> always http://www.freeswan.org/
>
> cheers
>
> Erich
>
>



leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
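
The fix discussed in this thread (a key type such as RSA must follow the colon in /etc/ipsec.secrets) can be checked before restarting the tunnel. The following is an added example, not part of the original posts or of Openswan; the function name `check_secrets`, the simplified parsing rules, and the key types other than RSA are assumptions.

```python
import re
import shlex

# Key-type keywords looked for after the colon. Assumption: RSA is the one the
# thread confirms; PSK, XAUTH and PIN are the other Openswan types.
KEY_TYPES = ("RSA", "PSK", "XAUTH", "PIN")
SEPARATOR = re.compile(r"(?:^|\s):(?:\s|$)")   # a colon standing as its own token


def check_secrets(text):
    """Return (line_number, message) for entries lacking a usable key type."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Skip blanks, comments, include directives and indented continuation
        # lines (the body of an inline "RSA { ... }" key).
        if not line.strip() or line[0] in "# \t" or line.startswith("include"):
            continue
        sep = SEPARATOR.search(line)
        if sep is None:
            findings.append((lineno, "no ':' separator between selectors and secret"))
            continue
        try:
            tokens = shlex.split(line[sep.end():])
        except ValueError:
            findings.append((lineno, "unbalanced quote in secret"))
            continue
        if not tokens:
            findings.append((lineno, "nothing after ':'"))
        elif tokens[0] not in KEY_TYPES:
            hint = "RSA" if tokens[0].endswith((".pem", ".key")) else "a key type"
            findings.append((lineno, f"'{tokens[0]}' is not a key type; put {hint} before it"))
        elif tokens[0] == "RSA" and len(tokens) < 2:
            findings.append((lineno, "RSA entry names no key file"))
    return findings


# Constructed sample: line 2 is the entry quoted in the thread, line 3 the fix.
SAMPLE = """# /etc/ipsec.secrets (constructed sample)
: client-key.pem test
: RSA gatekeeper.key
"""

if __name__ == "__main__":
    for lineno, message in check_secrets(SAMPLE):
        print(f"line {lineno}: {message}")
```
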
