IPSEC help

Bjoern Engels bj at 0x20.net
Thu Nov 15 05:04:37 PST 2007


Hi John,

On Thu, Nov 15, 2007 at 03:14:04AM -0800, john decot wrote:
>         I am new to ipsec and trying to connect my bsd server with win 2000. I have succeeded to tunnel using pre-shared key. But regarding certificate , I failed to get success.
> 
>       The following are configuration :
> 
> racoon.conf
[...]
> --------------------------END------------------------------------------------------------------
> certificate are created in bsd with following commands:

Log file contents would be helpful. Anyway - I had these statements in
my config file a while ago, when I used racoon with certificates:

remote anonymous {
[...]
        ca_type          x509 "cacert.pem";
        certificate_type x509 "foo.net.pem" "foo.key-nopass";
        peers_certfile   x509 "bar.pem";
        send_cert on;
        my_identifier    asn1dn;
        peers_identifier asn1dn "C=foo, ST=foo, L=foo, O=foo, CN=bar/emailAddress=foo";
        verify_identifier on;
[...]
}

You'll have to fill in the correct values for peers_identifier asn1dn,
of course.

HTH
-- 
Viele Gruesse // Best regards
Bjoern Engels
                                                                    :wq!


More information about the freebsd-security mailing list