Road Warrior: certificates or not? - Networking

This is a discussion on Road Warrior: certificates or not? - Networking ; Hi, I need to know whether it is necessary setup certificates authorities and certificates if I want to create a net-to-(linux)laptop VPN by means of Openswan. I have difficulties while using only RSA keys: the gateway on the net side ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Road Warrior: certificates or not?

  1. Road Warrior: certificates or not?

    Hi,
    I need to know whether it is necessary setup certificates authorities
    and certificates if I want to create a net-to-(linux)laptop VPN by
    means of Openswan. I have difficulties while using only RSA keys: the
    gateway on the net side says that ip must be known... I set "left=
    %any".
    What have I to check?


  2. Re: Road Warrior: certificates or not?

    Am Thu, 01 Nov 2007 23:07:50 -0700 schrieb tohyob:

    > I need to know whether it is necessary setup certificates authorities
    > and certificates if I want to create a net-to-(linux)laptop VPN by
    > means of Openswan. I have difficulties while using only RSA keys: the
    > gateway on the net side says that ip must be known... I set "left=
    > %any".
    > What have I to check?


    Usually in you config shoulb something like this:
    [..]
    leftcert=foo.pem
    leftrsasigkey=%cert
    rightcert=bar.pem
    rightid=@remoteid (optional)
    rightrsasigkey=%cert
    authby=rsasig
    [..]

    The certificate will be checked in Phase1, you need to put your CA key,
    your CA and the client certs in the right dirs under /etc/ipsec.d/....

    For RSA only you put those Keys usually in a DNS, Openswan checks then the
    key via fqdn.

    cheers

+ Reply to Thread