Netgate Discussion Forum

    IPSec with asn1dn identifier

      ericx

      I'm trying to use pfSense as a remote, dynamic IP IPSec client tunnelling back a nat'ed subnet to a standard FreeBSD 6.2 with racoon. I'm using certificates for authentication. I keep getting:

      ERROR: failed to get subjectAltName
      

      Which, I understand, indicates I need to use:

      my_identifier asn1dn;
      

      instead of:

      my_identifier fqdn "foo.bar.tld";
      

      Sadly, the pfSense GUI doesn't support this option, and when I edit /var/etc/racoon.conf it doesn't survive reboot. Is there a version of the racoon conf on an unmounted portion of the CF (I'm using the embedded version)?

      Thanks.

        sullrich

        Not currently.

        Patches would be most accepted, however, to change this.

          ericx

          Ok.  At the risk of failing miserably at RTFM, can you point me towards an overview of the current racoon.conf construction?

          Thanks.

            nic

            @sullrich:

            Not currently.

            Patches would be most accepted, however, to change this.

            We have patched around this limitation with 1.2-Beta-1 (June 7, 2007). What is the preferred technique for preparing and submitting a patch?

            Best regards,
                  -nic

              cmb

              @nic:

              We have patched around this limitation with 1.2-Beta-1 (June 7, 2007). What is the preferred technique for preparing and submitting a patch?

              'diff -rub' and email to sullrich@gmail.com.

                nic

                @cmb:

                @nic:

                We have patched around this limitation with 1.2-Beta-1 (June 7, 2007). What is the preferred technique for preparing and submitting a patch?

                'diff -rub' and email to sullrich@gmail.com.

                Thanks, I have sent a patch along.
                    -nic

                  vchepkov

                  If the server needs to be identified as well, the peers_identifier asn1dn option is also necessary.

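The two settings raised in this thread (my_identifier asn1dn from the first post, peers_identifier asn1dn from the last reply) combined in one racoon.conf remote section for certificate authentication. This is an added example, not a poster's configuration and not what pfSense generates. The peer address, certificate file names, DN string and proposal values are constructed placeholders.

```conf
# Added example. All values below are constructed placeholders.
path certificate "/usr/local/etc/racoon/certs";

# Dynamic-IP client side, pointing at the static racoon peer.
remote 203.0.113.10 {
        exchange_mode main;
        certificate_type x509 "client.crt" "client.key";

        # With an fqdn identifier the peer looks for a matching
        # subjectAltName in the certificate; a certificate without one
        # gives "failed to get subjectAltName":
        # my_identifier fqdn "foo.bar.tld";

        # With asn1dn and no string, racoon takes the DN from the
        # Subject field of the local certificate.
        my_identifier asn1dn;

        # Identify the server by the DN in its certificate as well, and
        # fail the negotiation if the received ID does not match.
        peers_identifier asn1dn "C=US, O=Example, CN=gw.example.test";
        verify_identifier on;

        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 5;
        }
}
```

The proposal block has to match what the other end offers; only the identifier lines are the point here.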
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.