Re: Iked, ca_getreq: no valid local certificate found

2015-11-05 Thread Giancarlo Razzolini
On 05-11-2015 05:28, Toyam Cox wrote:
> Unfortunately, editing /etc/ssl/x509v3.cnf didn't work for me.
> Variable lookup still failed.

You need to recreate the certs. Each time you create one, you'll need to edit x509v3 to match the cert being created. At least this did the trick for me.

Re: Iked, ca_getreq: no valid local certificate found

2015-11-05 Thread Reyk Floeter
: ikev2_recv: IKE_SA_INIT response > from responder $remote8:500 to $local:500 policy 'policy1' id 0, 471 > bytes > Nov 5 01:38:14 hostname iked[12679]: ca_getreq: no valid local > certificate found > > This is coupled with, as I create the ca key... > # ikectl ca vpn1 cre

Re: Iked, ca_getreq: no valid local certificate found

2015-11-05 Thread Toyam Cox
5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT >> request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes >> Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response >> from responder $remote8:500 to $local:500 policy 'policy1' id 0, 471 >> byt

Re: Iked, ca_getreq: no valid local certificate found

2015-11-05 Thread Jonathan Gray
On Fri, Nov 06, 2015 at 12:24:30AM -0500, Toyam Cox wrote:
> I'm running 5.8-release.

ikectl ca in 5.8 is non-functional as LibreSSL removed support for environment variables in openssl cnf files and this was not noticed/fixed until after 5.8. Here is a patch against 5.8 that adds the changes to

Re: Iked, ca_getreq: no valid local certificate found

2015-11-05 Thread Jonathan Gray
my remote host, I get (ips and hostnames redacted): > >> Nov 5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT > >> request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes > >> Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response

Re: Iked, ca_getreq: no valid local certificate found

2015-11-05 Thread Toyam Cox
nd hostnames redacted): >> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT >> >> request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes >> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response >> >> from resp

Iked, ca_getreq: no valid local certificate found

2015-11-04 Thread Toyam Cox
'policy1' id 0, 471 bytes Nov 5 01:38:14 hostname iked[12679]: ca_getreq: no valid local certificate found This is coupled with, as I create the ca key... # ikectl ca vpn1 create CA passphrase: Retype CA passphrase: [stuff-happens-and-inputs] Getting Private key Using configuration from /etc/ssl