On 03.08.2011 14:46, Fuchs, Martin wrote:
> Hi!
> Does anyone have mutual-RSA-IPSec VPN working with 2.0?
> All settings I tried do not work, I always get errors:
> racoon: ERROR: failed to get subjectAltName
> racoon: ERROR:
> racoon: ERROR: no peer's CERT payload found.
> These errors go away as soon as I use PSKs, so I think it must have
> something to do with the generated certs...
> Any ideas?
> Regards,
> Martin

I've generated a CA and use it to make certificates for the server and users.
The client is the software from shrew.net.

remote anonymous
{
    ph1id 1;
    exchange_mode aggressive;
    my_identifier asn1dn ;
    peers_identifier asn1dn ;
    ike_frag on;
    generate_policy = unique;
    initial_contact = off;
    nat_traversal = on;
    certificate_type x509 "cert-1.crt" "cert-1.key";
    ca_type x509 "ca-1.crt";
    dpd_delay = 10;
    dpd_maxfail = 5;
    support_proxy on;
    proposal_check claim;
    passive on;
    proposal
    {
        authentication_method xauth_rsa_server;
        encryption_algorithm 3des;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 28800 secs;
    }
}

--
Dan Cândea
Does God Play Dice?