[Swan] Adding host to subnet VPN

Alex mysqlstudent at gmail.com
Tue Feb 23 01:41:42 UTC 2016


>> Can I just leave out the subnet declarations where they're not
>> necessary? Assuming 'arcade' ( was the name of the
>> roadwarrior host and its default route is
>> conn VPN-DGHQ-DGXO-2
>>     auto=start
>>     left=
>>     leftnexthop=
>>     leftsubnet=
>>     leftid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc,
>> CN=orion.example.com"
> Here you have a problem. When the ID starts with @, it's ID type FQDN.
> But your ID is really ID_DER_ASN1_DN type, the certificate subject.
> Remove the character "@".

This is actually the configuration I have from a working system. I'll
remove the @, but the problem I'm having now is with creating a new
certificate for another host.

I'm confused about the newhostkey part. Can someone help me with the
steps needed to create the host key and certificate?

I've read through the NSS HOWTO, and I don't understand :-(

