IPSec with asn1dn identifier
-
I'm trying to use PFSense as a remote, dynamic IP IPSec client tunnelling back a nat'ed subnet to a standard FreeBSD 6.2 with racoon. I'm using certificates for authentication. I keep getting:
ERROR: failed to get subjectAltName
Which, I understand, indicates I need to use:
my_identifier asn1dn;
instead of:
my_identifier fqdn "foo.bar.tld";
Sadly, the PFSense GUI doesn't support this option, and when I edit /var/etc/racoon.conf it doesn't survive a reboot. Is there a version of the racoon conf on an unmounted portion of the CF (I'm using the embedded version)?
Thanks.
-
Not currently.
Patches would be most accepted, however, to change this.
-
Ok. At the risk of failing miserably at RTFM, can you point me towards an overview of the current racoon.conf construction?
Thanks.
-
Not currently.
Patches would be most accepted, however, to change this.
We have patched around this limitation with 1.2-Beta-1 (June 7, 2007). What is the preferred technique for preparing and submitting a patch?
Best regards,
-nic -
@nic:
We have patched around this limitation with 1.2-Beta-1 (June 7, 2007). What is the preferred technique for preparing and submitting a patch?
'diff -rub' and email to sullrich@gmail.com.
-
If the server needs to be identified as well, the peers_identifier asn1dn option is also necessary.
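-
The identifier settings discussed in this thread, as an added racoon.conf fragment that is not part of any post above. The certificate directory, file names and proposal algorithms are placeholder assumptions; only the my_identifier and peers_identifier lines come from the thread.

```conf
# Client-side racoon.conf fragment (added example, not from the thread).
path certificate "/usr/local/etc/racoon/certs";   # placeholder directory

# "anonymous" matches any peer; on the client this would normally be
# the server's address instead.
remote anonymous {
        exchange_mode main;

        # X.509 authentication: local certificate and its private key.
        certificate_type x509 "client.crt" "client.key";   # placeholder names

        # Setting from the first post, reported there together with
        # "ERROR: failed to get subjectAltName":
        # my_identifier fqdn "foo.bar.tld";

        # Use the certificate's subject DN as the local identifier instead.
        my_identifier asn1dn;

        # From the last post: identify the server by its certificate DN too.
        peers_identifier asn1dn;
        verify_identifier on;   # reject the peer if its ID does not match
        verify_cert on;         # validate the peer's certificate

        proposal {
                encryption_algorithm aes;       # placeholder choice
                hash_algorithm sha1;            # placeholder choice
                authentication_method rsasig;   # certificate-based auth
                dh_group 5;                     # placeholder choice
        }
}
```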