Am Thu, 01 Nov 2007 23:07:50 -0700 schrieb tohyob:
> I need to know whether it is necessary setup certificates authorities
> and certificates if I want to create a net-to-(linux)laptop VPN by
> means of Openswan. I have difficulties while using only RSA keys: the
> gateway on the net side says that ip must be known... I set "left=
> %any".
> What have I to check?
Usually in you config shoulb something like this:
[..]
leftcert=foo.pem
leftrsasigkey=%cert
rightcert=bar.pem
rightid=@remoteid (optional)
rightrsasigkey=%cert
authby=rsasig
[..]
The certificate will be checked in Phase1, you need to put your CA key,
your CA and the client certs in the right dirs under /etc/ipsec.d/....
For RSA only you put those Keys usually in a DNS, Openswan checks then the
key via fqdn.
cheers
|
Similar Threads
Linear Mode
