Displaying 9 results from an estimated 9 matches for "certificate_type".
2007 Feb 03
0
ipsec and x509 certificate
...k.txt";
path certificate "/etc/certs";
remote anonymous
{
exchange_mode aggressive,main;
my_identifier asn1dn;
peers_identifier asn1dn;
lifetime time 2 min; # sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
certificate_type x509 "slave1.public" "slave1.private";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 2 min;
en...
2004 Sep 24
2
strange behavior of ipsec tunnel mode
...l/etc/racoon/certs";
listen {
isakmp 192.168.2.10;
strict_address;
}
remote 192.168.2.11 {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
my_identifier asn1dn;
peers_identifier asn1dn;
verify_identifier on;
certificate_type x509 "mad.public" "mad.private";
peers_certfile x509 "laptop.public";
send_cert on;
send_cr on;
verify_cert on;
lifetime time 300 sec;
passive off;
proposal_check strict;
nonce_size 256;
proposal...
2005 May 12
1
Has anybody managed to get native IPSec working?
...e (no passphrase, so
that racoon can read the key) and host-a.public and likewise for host-b,
just the way ifup-ipsec script expects them to be.
After doing "ifup IPSecToHostB" on host-a, and "ifup IPSecToHostA" on
host-b, the generated racoon configuration looks good (long
certificate_type line might get wrapped around by my mail client, but it
is a single line in the configuration file). This is stored in
/etc/racoon/192.168.1.100.conf, which is included from racoon.conf.
remote 192.168.1.100
{
exchange_mode aggressive, main;
my_identifier asn1dn;
peers...
2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
.../racoon/racoon.sock" "root" "nobody" 0660;
>>> isakmp 172.28.45.4 [500];
>>> isakmp_natt 172.28.45.4 [4500];
>>> }
>>>
>>> remote anonymous {
>>> exchange_mode aggressive;
>>> certificate_type x509 "gwenc.crt" "gwenc.key";
>>> my_identifier asn1dn;
>>> proposal_check claim;
>>> generate_policy on;
>>> nat_traversal on;
>>> dpd_delay 20;
>>> ike_frag on;
>>...
2007 Oct 12
0
OT: a very big problem with ipsec-tools on CentOS5
...dfile "/var/run/racoon.pid";
#log debug;
listen {
adminsock "/var/racoon/racoon.sock" "root" "nobody" 0660;
isakmp 172.28.45.4 [500];
isakmp_natt 172.28.45.4 [4500];
}
remote anonymous {
exchange_mode aggressive;
certificate_type x509 "gwenc.crt" "gwenc.key";
my_identifier asn1dn;
proposal_check claim;
generate_policy on;
nat_traversal on;
dpd_delay 20;
ike_frag on;
passive on;
proposal {
encryption_algorithm aes;...
2004 Sep 04
0
Ipsec and kernel 2.6.8
...192.168.1.1/require
ah/tunnel/192.168.1.2-192.168.1.1/require;
spdadd 0.0.0.0/0 192.168.1.2/32 any -P in ipsec
esp/tunnel/192.168.1.1-192.168.1.2/require
ah/tunnel/192.168.1.1-192.168.1.2/require;
Racoon.conf
remote 192.168.1.1
{
exchange_mode main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "Memphis.public" "Memphis.private";
peers_certfile "Zeus.public";
proposal{
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1024; #I don't understand this option
}
}
sainfo anonymous
{
pfs_group modp1024; #I...
2015 Feb 17
0
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
...ate chain used for signing.pem
cert certificate.pem
key privatekey.pem
crl-verify crl.pem
OpenLDAP appears similar to OpenVPN with (appears not to support CRLs):
TLSCACertificatePath
TLSCertificateFile
TLSCertificateKeyFile
Racoon wants (appears not to support CRLs):
certificate_type x509 certfile keyfile
ca_type x509 ca.pem
But the man page doesn't talk about where the chain goes.
So it appears one should generate the following file formats to satisfy all the software out there:
1. cert standalone (OpenVPN, Racoon, OpenLDAP, Postfix, Apache 2.4.7 and earlier)
2. cert...
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
...ipv4
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
/etc/racoon/racoon.conf (dynamically generated):
path certificate "/etc/racoon/certs";
>
> listen
> {
> isakmp 5.6.7.8;
> }
>
> remote 1.2.3.4
> {
> exchange_mode main;
> certificate_type x509 "sandy.pem" "sandy_key.pem";
> verify_cert on;
> my_identifier asn1dn ;
> peers_identifier asn1dn ;
> verify_identifier on ;
> lifetime time 24 hour ;
> proposal {
> encryption_algorithm blowfish;
> hash_algori...
2007 Nov 15
2
IPSEC help
..."log" specifies logging level. It is followed by either "notify", "debug"
# or "debug2".
log debug;
remote anonymous
{
exchange_mode main,aggressive,base;
#exchange_mode main,base;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "bsd.public" "bsd.priv" ;
lifetime time 24 hour ; # sec,min,hour
#initial_contact off ;
#passive on ;
# phase 1 proposal (for ISAKMP SA)
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig...