[vpn-help] unable to verify remote peer certificate

Stefan Bauer stefan.bauer at cubewerk.de
Thu May 6 02:21:06 CDT 2010


On 06.05.2010 09:05, sftf wrote:
> Hello Stefan,
> 
> Problem with routing via modeconfig partially solved.

Just received an answer from one of the main developers (strongswan)

08:38 :: Irssi: Join to #strongswan was synced in 8 secs
08:38  <sb> hi, is split-tunneling via modecfg supported?
09:10  <d12fk> sb: not yet, but i will post patches in while

> So I would like to route to two networks: 192.168.0.0/24 and 195.xxx.xxx.224/29 from roadwarriors.
> 
> And I write like this
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     left=195.162.52.178
>     leftsubnet=192.168.0.0/24,195.xxx.xxx.224/29
>     leftcert=gw.opene.ru-cert.pem
> 
> And a small note from the documentation broke my hopes:
>   left|rightsubnet = <ip subnet>
>   ...
>   Further, IKEv2 supports multiple
>   subnets separated by commas. IKEv1 only interprets the first subnet of such a definition.
> 
> So pluto takes only the first subnet and ignores the others.
> But racoon (IKEv1 too), unlike pluto, works normally with things like this
> mode_cfg {
>   split_network include 192.168.0.0/24,195.xxx.xxx.224/29;
> }

Yes, but racoon is a different IKE daemon.

Stefan
-- 
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------
