[vpn-help] Setting up for RSA

Richard Pickett richard.pickett at csrtechnologies.com
Sat Jul 9 18:01:53 CDT 2011


Hello All,

I'm hitting a problem trying to use shrewsoft w/ RSA certs. Is there a
step-by-step guide (most importantly including the shrewsoft config) for
doing RSA?

I've rolled my own CA, signed out some certs, I use the OU in the RDN to
distinguish roles, OU=Server just for servers, OU=Client for normal clients
and OU=Admin for administrative clients (may get additional routing
permissions to connect to private nets behind the servers).

So, I did a minimalistic setup on the shrewsoft client, the only things I
configed are:

1. FQDN of the server to connect to
2. Selected Mutual RSA
3. local identity - ASN.1, using the subject of the cert (openswan is set to
use the subject to determine the connection permission)
4. Remote ID - 'any' (just in case this is causing the problem)
5. Credentials - I loaded the ca.pem, and the client's .crt and .key. I
switch around and use pkcs12, pem, you name it, doesn't matter.

(did I miss anything?)

When I tell it to connect, this is the output I get:

config loaded for site 'vhost5.csrtechnologies.com'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
*server cert config failed*
detached from key daemon ...


Why is it hitting me w/ server cert config failed?

When I look in the documentation there's a lot of "this is how ipsec and rsa
works" but I'm not seeing any "this is how you configure the client".

Thanks for any and all help.