Hi ! ASN.1 and the remote CA Cert made it work :)
Thanks !

From: Dan Candea [mailto:dan.can...@quah.ro]
Sent: Tuesday, August 9, 2011 14:21
To: support@pfsense.com
Subject: Re: [pfSense Support] pfSense 2.0 IPSec-VPN with Certs

On 03.08.2011 14:46, Fuchs, Martin wrote:

> Hi !
>
> Does anyone have mutual-RSA-IPSec VPN working with 2.0 ?
> All settings I tried do not work, I always get errors:
>
> racoon: ERROR: failed to get subjectAltName
> racoon: ERROR:
> racoon: ERROR: no peer's CERT payload found.
>
> These errors go away as soon as I use PSKs, so I think it must have
> something to do with the generated certs...
>
> Any ideas ?
>
> Regards,
> Martin

I've generated a CA and used it to make certificates for the server and users.
Software from shrew.net as a client.

    remote anonymous
    {
        ph1id 1;
        exchange_mode aggressive;
        my_identifier asn1dn;
        peers_identifier asn1dn;
        ike_frag on;
        generate_policy = unique;
        initial_contact = off;
        nat_traversal = on;
        certificate_type x509 "cert-1.crt" "cert-1.key";
        ca_type x509 "ca-1.crt";
        dpd_delay = 10;
        dpd_maxfail = 5;
        support_proxy on;
        proposal_check claim;
        passive on;

        proposal
        {
            authentication_method xauth_rsa_server;
            encryption_algorithm 3des;
            hash_algorithm sha1;
            dh_group 2;
            lifetime time 28800 secs;
        }
    }

--
Dan Cândea

Does God Play Dice?
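
A small check for the two changes the thread credits with the fix (asn1dn identifiers and a configured CA certificate), given here as an added example that is not part of the original messages or of pfSense. The function names and the BROKEN sample block are constructed for illustration; the rule itself only encodes what the thread reports.

```python
import re
import shlex

def _directives(text):
    """Split 'key args;' (or pfSense-style 'key = args;') into {key: [args]}."""
    out = {}
    for stmt in text.split(";"):
        tokens = shlex.split(stmt.replace("=", " "))
        if tokens:
            out[tokens[0]] = tokens[1:]
    return out

def parse_remote(conf):
    """Parse one 'remote' block; 'proposal' becomes a nested dict."""
    body = conf[conf.index("{") + 1:conf.rindex("}")]
    remote = {}
    m = re.search(r"\bproposal\s*\{(.*?)\}", body, re.S)
    if m:
        remote["proposal"] = _directives(m.group(1))
        body = body[:m.start()] + body[m.end():]
    remote.update(_directives(body))
    return remote

def check_cert_ident(remote):
    """Findings for the two settings the thread reports as the fix."""
    auth = remote.get("proposal", {}).get("authentication_method", [""])[0]
    if "rsa" not in auth:  # PSK etc.: certificates are not involved
        return []
    findings = []
    for key in ("my_identifier", "peers_identifier"):
        kind = remote.get(key, ["unset"])[0]
        if kind != "asn1dn":
            findings.append(f"{key} is '{kind}', expected asn1dn")
    if "ca_type" not in remote:
        findings.append("ca_type missing: no CA certificate configured")
    return findings

# Constructed input (not from the thread): non-DN identifiers, no CA cert.
BROKEN = """remote anonymous {
    my_identifier address 192.0.2.1;
    peers_identifier fqdn "client.example";
    nat_traversal = on;
    proposal { authentication_method xauth_rsa_server; dh_group 2; }
}"""
# Same block with the thread's fix applied (asn1dn identifiers, ca_type set).
FIXED = BROKEN.replace("address 192.0.2.1", "asn1dn").replace(
    'fqdn "client.example"', "asn1dn").replace(
    "proposal {", 'ca_type x509 "ca-1.crt";\n    proposal {')
print(check_cert_ident(parse_remote(BROKEN)))
```
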