Displaying 8 results from an estimated 8 matches for "asn1dn".
Did you mean:
asn1
2007 Feb 03
0
ipsec and x509 certificate
...block and was wondering if someone
could help me figure it out. my racoon.conf (I have it mirrored on the
connecting machine.
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/certs";
remote anonymous
{
exchange_mode aggressive,main;
my_identifier asn1dn;
peers_identifier asn1dn;
lifetime time 2 min; # sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
certificate_type x509 "slave1.public" "slave1.private";
proposal {
encryption_algorithm 3des;...
2004 Sep 24
2
strange behavior of ipsec tunnel mode
...key "/usr/local/etc/racoon/psk.txt";
path certificate "/usr/local/etc/racoon/certs";
listen {
isakmp 192.168.2.10;
strict_address;
}
remote 192.168.2.11 {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
my_identifier asn1dn;
peers_identifier asn1dn;
verify_identifier on;
certificate_type x509 "mad.public" "mad.private";
peers_certfile x509 "laptop.public";
send_cert on;
send_cr on;
verify_cert on;
lifetime time 300 sec;...
2004 Sep 04
0
Ipsec and kernel 2.6.8
...out ipsec
esp/tunnel/192.168.1.2-192.168.1.1/require
ah/tunnel/192.168.1.2-192.168.1.1/require;
spdadd 0.0.0.0/0 192.168.1.2/32 any -P in ipsec
esp/tunnel/192.168.1.1-192.168.1.2/require
ah/tunnel/192.168.1.1-192.168.1.2/require;
Racoon.conf
remote 192.168.1.1
{
exchange_mode main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "Memphis.public" "Memphis.private";
peers_certfile "Zeus.public";
proposal{
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1024; #I don''t understand this option
}
}...
2005 May 12
1
Has anybody managed to get native IPSec working?
...long
certificate_type line might get wrapped around by my mail client, but it
is a single line in the configuration file). This is store in
/etc/racoon/192.168.1.100.conf, which is included from racoon.conf.
remote 192.168.1.100
{
exchange_mode aggressive, main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "/etc/racoon/certs/host-a.public"
"/etc/racoon/certs/host-a.private";
peers_certfile "/etc/racoon/certs/host-b.public";
proposal {
encryption_algorithm 3des;...
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
...ted):
path certificate "/etc/racoon/certs";
>
> listen
> {
> isakmp 5.6.7.8;
> }
>
> remote 1.2.3.4
> {
> exchange_mode main;
> certificate_type x509 "sandy.pem" "sandy_key.pem";
> verify_cert on;
> my_identifier asn1dn ;
> peers_identifier asn1dn ;
> verify_identifier on ;
> lifetime time 24 hour ;
> proposal {
> encryption_algorithm blowfish;
> hash_algorithm sha1;
> authentication_method rsasig ;
> dh_group 2 ;
> }
> }
>
> s...
2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
....45.4 [500];
>>> isakmp_natt 172.28.45.4 [4500];
>>> }
>>>
>>> remote anonymous {
>>> exchange_mode aggressive;
>>> certificate_type x509 "gwenc.crt" "gwenc.key";
>>> my_identifier asn1dn;
>>> proposal_check claim;
>>> generate_policy on;
>>> nat_traversal on;
>>> dpd_delay 20;
>>> ike_frag on;
>>> passive on;
>>> proposal {
>>> encr...
2007 Oct 12
0
OT: a very big problem with ipsec-tools on CentOS5
.../racoon/racoon.sock" "root" "nobody" 0660;
isakmp 172.28.45.4 [500];
isakmp_natt 172.28.45.4 [4500];
}
remote anonymous {
exchange_mode aggressive;
certificate_type x509 "gwenc.crt" "gwenc.key";
my_identifier asn1dn;
proposal_check claim;
generate_policy on;
nat_traversal on;
dpd_delay 20;
ike_frag on;
passive on;
proposal {
encryption_algorithm aes;
hash_algorithm sha256;
authentication_method hyb...
2007 Nov 15
2
IPSEC help
...ate "/usr/local/openssl/certs" ;
# "log" specifies logging level. It is followed by either "notify",
"debug"
# or "debug2".
log debug;
remote anonymous
{
exchange_mode main,aggressive,base;
#exchange_mode main,base;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "bsd.public" "bsd.priv" ;
lifetime time 24 hour ; # sec,min,hour
#initial_contact off ;
#passive on ;
# phase 1 proposal (for ISAKMP SA)
proposal {
encryption_algorithm 3des;
h...