I guess you're missing a comma in /etc/ipsec.conf on wt8510w:

rightid="C=nl, ST=zh, L=mld, O=ivent, OU=ric, CN=vpngateway E=*" # id of gateway

Insert "," between "CN=vpngateway" and " E=*". The correct line would be

rightid="C=nl, ST=zh, L=mld, O=ivent, OU=ric, CN=vpngateway, E=*" # id of gateway


The problem is that the pattern

'C=nl, ST=zh, L=mld, O=ivent, OU=ric, CN=vpngateway E=*'

does NOT match

'C=nl, ST=zh, L=mld, O=ivent, OU=ric, CN=vpngateway, E=:vpngate...@kc3057.kc.mindef.nl'

I'm not an expert when it comes to those Distinguished Names. But I 
guess that "CN=vpngateway E=*" is interpreted to mean that the Common Name 
literally has to be "vpngateway E=*". Or it might be interpreted as a 
multivalue RDN. I don't know for sure.

You can also infer that from the following syslog output:

"Mar 11 10:03:27 wt8510w pluto[6505]: "client1" #1: we require peer to 
have ID 'C=nl, ST=zh, L=mld, O=ivent, OU=ric, CN=vpngateway E=*', but 
peer declares 'C=nl, ST=zh, L=mld, O=ivent, OU=ric, CN=vpngateway, 
E=:vpngate...@kc3057.kc.mindef.nl'"

  Daniel
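
The mismatch discussed in the message above, as an added example that is not part of the original post and not strongSwan's code: a simplified model that assumes identities are compared RDN by RDN with "*" accepted as a wildcard value. The peer's e-mail address is a constructed placeholder, since the real one is elided in the log, and escaped commas inside values are not handled.

```python
# Simplified model (assumption): a DN pattern matches a peer ID only if both
# have the same number of RDNs, the same RDN types in the same order, and
# every value is equal or the pattern value is the wildcard "*".

def split_rdns(dn):
    """Split a DN string on commas into (TYPE, value) pairs."""
    rdns = []
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        rdns.append((key.strip().upper(), value.strip()))
    return rdns

def match_dn(pattern, peer_id):
    """Return (matched, reason) for a wildcard pattern against a peer ID."""
    want, got = split_rdns(pattern), split_rdns(peer_id)
    if len(want) != len(got):
        return False, f"pattern has {len(want)} RDNs, peer ID has {len(got)}"
    for (wk, wv), (gk, gv) in zip(want, got):
        if wk != gk:
            return False, f"RDN type {wk} != {gk}"
        if wv != "*" and wv != gv:
            return False, f"{wk}: '{wv}' != '{gv}'"
    return True, "match"

# rightid values from the message: without and with the comma before E=*
BROKEN = "C=nl, ST=zh, L=mld, O=ivent, OU=ric, CN=vpngateway E=*"
FIXED = "C=nl, ST=zh, L=mld, O=ivent, OU=ric, CN=vpngateway, E=*"
# Constructed peer ID; the e-mail address is a placeholder
PEER = ("C=nl, ST=zh, L=mld, O=ivent, OU=ric, CN=vpngateway, "
        "E=vpngateway@example.org")

if __name__ == "__main__":
    for name, pattern in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, split_rdns(pattern)[-1], match_dn(pattern, PEER))
```

In this model the missing comma folds " E=*" into the CN value, so the pattern has one RDN fewer than the peer's ID and can never match it.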