
Re: VPN gateway



	Did you already check out documentation at the following URL?

http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/interop.html#microsoft

	I've got several FreeS/WAN 1.99 gateways with Windows 2K or XP clients,
but I don't use the built-in IPsec for 2K or XP but rather use SSH Sentinel for
all Microsoft clients... But this URL might be able to point you to some help...

	Regards,
	Jeremy

On Sun, May 25, 2003 at 05:53:11PM +0200, Craig wrote:
> Hi Guys
> 
> Having a few problems with setting up a VPN gateway on Linux,
> specifically a Debian firewall box, and having Windows 2000
> boxes authenticate using certs.
> 
> I have generated a cert for the gateway machine using the openssl packages
> and installed it. I have also configured FreeS/WAN to the best of my
> knowledge and then generated a cert for a test Windows 2000 machine, and
> afaik they are not authenticating.
> 
> Here is a copy of the freeswan config file on the VPN gateway:
> 
> 
> 
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
> 
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
> 
> 
> 
> # basic configuration
> config setup
> 	interfaces=%defaultroute
> 	klipsdebug=none
> 	plutodebug=none
> 	plutoload=%search
> 	plutostart=%search
> 	uniqueids=yes
> 
> 
> 
> # defaults for subsequent connection descriptions
> # (mostly to fix internal defaults which, in retrospect, were badly chosen)
> conn %default
> 	keyingtries=2
> 	compress=yes
> 	disablearrivalcheck=no
> 	authby=rsasig
> 	leftrsasigkey=%cert
> 	rightrsasigkey=%cert
> 
> 
> 
> conn roadwarrior-net
> 	leftsubnet=10.3.0.0/23
> 	also=roadwarrior
> 
> 
> 
> conn roadwarrior
> 	right=%any
> 	left=%defaultroute
> 	leftcert=gateway.pem
> 	auto=add
> 	pfs=yes
> 
> And here is a copy of the ipsec.conf file on the Windows 2000 box:
> 
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
> 
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
> 
> 
> 
> # basic configuration
> config setup
> 	interfaces=%defaultroute
> 	klipsdebug=none
> 	plutodebug=none
> 	plutoload=%search
> 	plutostart=%search
> 	uniqueids=yes
> 
> 
> 
> # defaults for subsequent connection descriptions
> # (mostly to fix internal defaults which, in retrospect, were badly chosen)
> conn %default
> 	keyingtries=2
> 	compress=yes
> 	disablearrivalcheck=no
> 	authby=rsasig
> 	leftrsasigkey=%cert
> 	rightrsasigkey=%cert
> 
> 
> 
> conn roadwarrior-net
> 	leftsubnet=10.3.0.0/23
> 	also=roadwarrior
> 
> 
> 
> conn roadwarrior
> 	right=%any
> 	left=%defaultroute
> 	leftcert=gw.frame.co.za.pem
> 	auto=add
> 	pfs=yes
> 
> Any help would be appreciated.
> 
> ..c
> 
> 


