IPsec Net-2-Net setup troubles

Hello forum members,

I’m trying to connect two IPFires with an IPsec N2N tunnel. According to the Wiki it shouldn’t be a big deal to get a working connection within a short time. I spent several hours and can’t get it to work.
I’d like to use certificate-based authentication and I’m following the instructions in these two Wiki articles:
Global configuration (sorry for the missing link but as a “new” member I’m only allowed to put two links into my first article)

I ran into trouble when it came to importing the CA certificates on each of my IPFires: an error message “not a valid CA certificate” popped up. After some time I found out that this could be a bug in Core 158/159, which is described here:

After reading the article I understand that I have to export the CA certificate over an SFTP connection, which worked very well.
But now I’m stuck at the next step, importing the host certificates. Depending on which filename I choose for the uploaded certificate, there are different error messages.
Using hostcert.pem (which is the default exported certificate name):
Error message is “Certificate file move failed: No such file or directory”
Using another filename, e.g. myhost.pem:
Error message is “Certificate file move failed: No child processes”

I can’t figure out what is wrong here, because I don’t have a clue where to look to get further information about this issue - or at least I didn’t find the correct error log for this.

Any help would be greatly appreciated, thank you in advance.

Cheers!

Hello R.,

Yes, I can confirm this. I ran into this myself yesterday.

I have also developed two ad-hoc fixes: git.ipfire.org Git - people/ms/ipfire-2.x.git/shortlog

Do you know how to replace vpnmain.cgi?

@stevee is working on upstreaming these fixes as soon as possible.

In the meantime you could use a PSK VPN which works just fine.


Hello Michael,
thanks for your help!
Unfortunately I’m not familiar with Perl, but I think I’m able to replace a Perl script :slight_smile:
my plan:

  1. get vpnmain.cgi from the repository using wget
  2. replace vpnmain.cgi locally
  3. modify the permissions of the file

Is this the correct procedure?

I was using a PSK before, but it’s more sophisticated using certificates instead, isn’t it?
It’s also nice to know that a fix is already on its way. Great, thank you guys! :smiley:

Which URL points to the fixed vpnmain.cgi? Or do I have to patch it on my own?

Cheers,
Roland
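The three-step replacement above, written out as an added shell example (it is not from this thread or from the IPFire project): the function keeps a timestamped backup of the current script, refuses an empty or non-script download (e.g. an HTML error page saved by wget), and lets the replacement inherit the existing file's mode and owner instead of guessing permissions. The download URL and the cgi-bin path in the comments are placeholders, not values from the thread.

```shell
#!/bin/sh
# install_cgi SRC DST
# Replace the CGI script DST with the file SRC after sanity checks, keeping a
# timestamped backup and preserving the mode/owner DST already has.
install_cgi() {
    src=$1
    dst=$2
    # Refuse an empty or missing download.
    [ -s "$src" ] || { echo "refusing: $src is empty or missing" >&2; return 1; }
    # Refuse anything that does not start with an interpreter line (#!...),
    # which catches an HTML error page saved under the script's name.
    case $(head -n 1 "$src") in
        '#!'*) ;;
        *) echo "refusing: $src has no interpreter line" >&2; return 1 ;;
    esac
    tmp="$dst.new.$$"
    if [ -f "$dst" ]; then
        stamp=$(date +%Y%m%d%H%M%S)
        cp -p "$dst" "$dst.bak.$stamp"   # keep the original for a rollback
        cp -p "$dst" "$tmp"              # temp copy inherits mode and owner
    else
        : > "$tmp"
        chmod 755 "$tmp"                 # no previous file: make it executable
    fi
    cat "$src" > "$tmp"                  # overwrite content, mode stays as is
    mv "$tmp" "$dst"                     # rename the finished file into place
}

# Usage (placeholder URL and path, assumptions not taken from the thread):
#   wget -O /tmp/vpnmain.cgi 'https://<url-of-fixed-vpnmain.cgi>'
#   install_cgi /tmp/vpnmain.cgi '<ipfire-cgi-bin>/vpnmain.cgi'
```

If the replacement misbehaves, the `.bak.<timestamp>` copy can simply be moved back over the script.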

Hello Michael,

I managed to replace vpnmain.cgi - your fix is working (of course), thank you so much!
Something is still wrong in my VPN configuration and I have to look into it once more.

Cheers,
Roland


Yes, it is.

Between IPFire and IPFire I prefer certificates because it is easy and more secure. With other vendors, it might be tricky to generate and import the certificates. I would assume that the majority of VPNs created with IPFire will be using PSKs.
