ipsec.conf x509 (was Re: /etc/ipsec.conf default peer psk/dstid mismatch)

2010-03-31 Thread a b
Hi, I hope someone on-list can give me a few helpful pointers in the right direction. I've set up certs as per the "X509 AUTHENTICATION" section of the isakmpd man page. However it is a bit unclear as to what I need to put in ipsec.conf to make this work. I've tried a bit of Google trawling, however

Re: /etc/ipsec.conf default peer psk/dstid mismatch

2010-03-30 Thread a b
Thanks for the wise words Stuart. Makes sense now!

> Stuart Henderson wrote:
> you can only have one "peer any" configured. therefore if you
> want to have users connecting from unknown addresses, they must
> either use the same psk, or use keys instead.
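The constraint Stuart describes, shown as an added ipsec.conf illustration that is not part of this thread or of the OpenBSD project's documentation: the first (commented-out) fragment is the pattern that fails, several "peer any" rules that each pair a different dstid with its own psk, and the two rules after it are the two ways out he names, one shared psk or RSA/X509 keys. Addresses, identities, secrets and the hostname vpn.example.com are constructed for this example; the key and certificate paths are isakmpd's defaults as given in isakmpd(8) and are stated here as an assumption rather than copied from the thread.

```conf
# Constructed example, not taken from the thread. All addresses, IDs and
# secrets are invented.

# 1. What does NOT work: several "peer any" rules, each with its own dstid
#    and psk. In IKEv1 main mode the initiator's ID arrives only after the
#    PSK has already been used to derive the session keys, so a responder
#    whose peer is "any" has nothing but the source address to pick a PSK
#    by, and that address is unknown. Only one "peer any" entry can apply.
#
# ike passive from 10.1.2.3 to 10.9.8.0/24 peer any \
#         main auth hmac-sha2-256 enc aes-256 group modp2048 \
#         quick auth hmac-sha2-256 enc aes-256 \
#         srcid 192.168.111.1 dstid alice@example.com psk "alice_secret"
# ike passive from 10.1.2.3 to 10.9.8.0/24 peer any \
#         main auth hmac-sha2-256 enc aes-256 group modp2048 \
#         quick auth hmac-sha2-256 enc aes-256 \
#         srcid 192.168.111.1 dstid bob@example.com psk "bob_secret"

# 2a. One "peer any" rule and one group PSK shared by every road warrior.
#     No dstid: every client that knows the secret is accepted, so the
#     secret is the only thing separating your users from anyone else.
ike passive from 10.1.2.3 to 10.9.8.0/24 peer any \
        main auth hmac-sha2-256 enc aes-256 group modp2048 \
        quick auth hmac-sha2-256 enc aes-256 \
        srcid 192.168.111.1 \
        psk "one_shared_secret_for_all_road_warriors"

# 2b. One "peer any" rule and no psk at all: isakmpd then falls back to RSA
#     signature authentication. The gateway key is read from
#     /etc/isakmpd/private/local.key, its certificate from /etc/isakmpd/certs/
#     and the issuing CA from /etc/isakmpd/ca/ (isakmpd(8) defaults, assumed
#     here). Each client is identified by the subjectAltName in its own
#     certificate, so per-user dstid/psk lines are no longer needed. srcid
#     must match a subjectAltName of the gateway certificate.
ike passive from 10.1.2.3 to 10.9.8.0/24 peer any \
        main auth hmac-sha2-256 enc aes-256 group modp2048 \
        quick auth hmac-sha2-256 enc aes-256 \
        srcid vpn.example.com
```

Only one of the two "peer any" rules under 2a and 2b would be present in a real file; they are shown together to contrast the shared-psk and certificate variants. With 2b, revoking a single user means removing or revoking that user's certificate, whereas with 2a it means rotating the one secret on every client.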

Re: /etc/ipsec.conf default peer psk/dstid mismatch

2010-03-30 Thread Stuart Henderson
On 2010-03-30, a b wrote:
> Hello List,
>
> I've got this config that is working beautifully :
> #ROAD WARRIOR
> ike passive from 10.1.2.3 to 10.9.8.0/24 \
> peer any \
> main auth hmac-sha2-256 enc aes-256 group modp2048 \
> quick auth hmac-sha2-256 enc aes-256 \
> srcid 192.168.111.1 dst

/etc/ipsec.conf default peer psk/dstid mismatch

2010-03-30 Thread a b
Hello List,

I've got this config that is working beautifully :

#ROAD WARRIOR
ike passive from 10.1.2.3 to 10.9.8.0/24 \
    peer any \
    main auth hmac-sha2-256 enc aes-256 group modp2048 \
    quick auth hmac-sha2-256 enc aes-256 \
    srcid 192.168.111.1 dstid a...@example.com \
    psk some_very_long_and_comp