Racoon failed to get subjectAltName
freebsd-questions at herveybayaustralia.com.au
Thu Mar 15 02:01:43 UTC 2012
I could be wrong in my assumption, but I cannot seem to get this to work
for me and this error will not disappear while my problem continues.
I'm trying to get a RoadWarrior setup for an Android L2TP/IPSec VPN. I
had it working at one time on my LAN but failed getting through the pf
firewall, so I stowed it while I was required to work on something else;
unfortunately I lost the working config somehow (I think? This could be
just the bug) and I had to start again, no biggie as I pulled the info
off the net before so I could do it again.
I recreated some new certificates (the old ones I used to test had
expired; I only gave them a very short life for security reasons), and
recreated what I thought I had before using xca (same as previously).
These include the mandatory SAN: I use email:copy to set this.
No amount of googling has helped my investigations, everything is still
basically the same age as when I first set this up. But racoon insists
the SAN is unavailable now. I've also tried turning off verify identity,
but in spite of that it says the certificates don't match because of empty
certificate requests; it would seem that it is still looking for the SAN
even though it no longer says so. Googling also verifies that racoon
_requires_ SAN to be set to work.
I've tried other SAN types, but they don't seem to work either. A check
on the certificate shows that it _is_ actually there on all the
certificates, but racoon must be blind or something :)
Can anyone shed some light on this? Has racoon developed a bug on this
at some time?
FWIW racoon won't even pass phase1 so I'd assume it is not working
because of this problem.
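The poster says the SAN "is actually there" on every certificate but racoon still reports it missing. A check a defender would want before blaming the daemon is to confirm, from the certificate itself, that the SAN extension exists, that it carries an entry of the type the IKE identifier is configured to match (an `email:` entry for an e-mail style identifier, a `DNS:` entry for an FQDN identifier), that the identity is not present only in the Subject DN, and that the certificate is inside its validity window (the thread mentions short-lived test certificates that had expired). The script below is an added example and is not code from the thread or from racoon; it parses the text that `openssl x509 -noout -text` prints so it needs no third-party library, and the certificate text embedded in it is constructed for the example (the CA name, subject and addresses are made up).

```python
"""Check SAN presence/type and validity in `openssl x509 -noout -text` output.

Added example, not part of the original thread. Usage:
    openssl x509 -noout -text -in cert.pem | python3 check_san.py email vpn@example.test
"""
import re
import sys
from datetime import datetime, timezone

# Constructed sample of `openssl x509 -noout -text` output; not a real certificate.
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4097 (0x1001)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example Test CA
        Validity
            Not Before: Mar  1 00:00:00 2012 GMT
            Not After : Mar 31 00:00:00 2012 GMT
        Subject: CN = vpn-gateway, emailAddress = vpn@example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                email:vpn@example.test, DNS:vpn.example.test
    Signature Algorithm: sha256WithRSAEncryption
"""

# Same constructed certificate with the SAN extension stripped: the identity
# then survives only in the Subject DN, which is the failure mode to catch.
SAMPLE_CERT_NO_SAN = SAMPLE_CERT_TEXT.replace(
    "            X509v3 Subject Alternative Name:\n"
    "                email:vpn@example.test, DNS:vpn.example.test\n", "")

SAN_ENTRY_RE = re.compile(r"(email|DNS|IP Address|URI|othername):([^,]+)")


def parse_cert_text(text):
    """Pull Subject, SAN entries and Not After out of openssl's text dump."""
    info = {"subject": None, "san": [], "not_after": None}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        s = line.strip()
        if s.startswith("Subject:"):
            info["subject"] = s[len("Subject:"):].strip()
        elif s.startswith("Not After"):
            # e.g. "Not After : Mar 31 00:00:00 2012 GMT"
            stamp = " ".join(s.split(":", 1)[1].split())
            info["not_after"] = datetime.strptime(
                stamp, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
        elif s.startswith("X509v3 Subject Alternative Name") and i + 1 < len(lines):
            # openssl prints the comma-separated entries on the following line
            for kind, value in SAN_ENTRY_RE.findall(lines[i + 1]):
                info["san"].append((kind, value.strip()))
    return info


def check_peer_identity(info, id_type, id_value, now=None):
    """Return a list of findings; an empty list means the cert matches the identity."""
    if now is None:
        now = datetime.now(timezone.utc)
    else:
        now = datetime.strptime(now, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    findings = []
    wanted = (id_type, id_value)
    if not info["san"]:
        findings.append("no subjectAltName extension present")
    elif wanted not in info["san"]:
        present = ", ".join(f"{k}:{v}" for k, v in info["san"])
        findings.append(f"SAN lacks {id_type}:{id_value} (has {present})")
    if wanted not in info["san"] and info["subject"] and id_value in info["subject"]:
        findings.append("identity appears only in the Subject DN, not in the SAN")
    if info["not_after"] is None:
        findings.append("could not read Not After")
    elif info["not_after"] <= now:
        findings.append(f"certificate expired on {info['not_after']:%Y-%m-%d}")
    return findings


def audit(text, id_type, id_value, now=None):
    """Parse and check in one call; `now` is 'YYYY-MM-DD' or None for the current date."""
    return check_peer_identity(parse_cert_text(text), id_type, id_value, now)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_san.py <email|DNS|IP Address> <identity>  (cert text on stdin)")
    problems = audit(sys.stdin.read(), sys.argv[1], sys.argv[2])
    for p in problems:
        print("PROBLEM:", p)
    print("OK" if not problems else f"{len(problems)} problem(s)")
    sys.exit(1 if problems else 0)
```

Run it against the gateway and client certificates with the same identifier type and value that the IKE configuration uses; if it reports OK for a certificate the daemon still rejects, the mismatch is in the identifier configuration rather than in the certificate.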