Re: VPN gateway
Hello,
I think you are using the ipsec.exe on http://vpn.ebootis.de on the win2k/xp
side to generate the policies.
In this case you should also take a look at
http://vpn.ebootis.de/ipsec-conf.htm for the windoze ipsec.conf.
buz
On Sun, 2003-05-25 at 17:53, Craig wrote:
> Hi Guys
>
> Having a few problems with setting up a VPN gateway on Linux,
> specifically a debian firewall box and having windows 2000
> boxes authenticate using certs.
>
> I have generated a cert for the gateway machine using the openssl packages
> and installed it. I have also configured freeswan to the best of my
> knowledge and then generated a cert for a test windows 2000 machine and
> afaik they are not authenticating.
>
> Here is a copy of the freeswan config file on the VPN gateway:
>
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
>
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
>
> # basic configuration
> config setup
>     interfaces=%defaultroute
>     klipsdebug=none
>     plutodebug=none
>     plutoload=%search
>     plutostart=%search
>     uniqueids=yes
>
> # defaults for subsequent connection descriptions
> # (mostly to fix internal defaults which, in retrospect, were badly chosen)
> conn %default
>     keyingtries=2
>     compress=yes
>     disablearrivalcheck=no
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>
> conn roadwarrior-net
>     leftsubnet=10.3.0.0/23
>     also=roadwarrior
>
> conn roadwarrior
>     right=%any
>     left=%defaultroute
>     leftcert=gateway.pem
>     auto=add
>     pfs=yes
>
> And here is a copy of the ipsec.conf file on the windows 2000 box:
>
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
>
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
>
> # basic configuration
> config setup
>     interfaces=%defaultroute
>     klipsdebug=none
>     plutodebug=none
>     plutoload=%search
>     plutostart=%search
>     uniqueids=yes
>
> # defaults for subsequent connection descriptions
> # (mostly to fix internal defaults which, in retrospect, were badly chosen)
> conn %default
>     keyingtries=2
>     compress=yes
>     disablearrivalcheck=no
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>
> conn roadwarrior-net
>     leftsubnet=10.3.0.0/23
>     also=roadwarrior
>
> conn roadwarrior
>     right=%any
>     left=%defaultroute
>     leftcert=gw.frame.co.za.pem
>     auto=add
>     pfs=yes
>
> Any help would be appreciated.
>
> ..c
>
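
Added example, not part of either message and not FreeS/WAN code: a small Python reader for the ipsec.conf layout quoted above that resolves `conn %default` and `also=` and then compares the effective `roadwarrior-net` settings of the two posted files. The function names and the merge precedence are assumptions made for illustration; the sample text is the conn sections as posted.

```python
def parse(text):
    """Return {section: {key: value}}; accepts indented or flattened parameter lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        head = line.split(None, 1)
        if len(head) == 2 and head[0] in ("conn", "config") and "=" not in line:
            current = sections.setdefault(head[1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def effective(sections, name, seen=()):
    """Assumed precedence: conn %default, then the also= target, then own settings."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = dict(sections[name])
    merged = dict(sections.get("%default", {}))
    target = own.pop("also", None)
    if target is not None:
        merged.update(effective(sections, target, seen + (name,)))
    merged.update(own)
    return merged

def differences(a, b):
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

# conn sections as posted in the thread; only the leftcert value differs between the files.
TEMPLATE = """
conn %default
    keyingtries=2
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
conn roadwarrior-net
    leftsubnet=10.3.0.0/23
    also=roadwarrior
conn roadwarrior
    right=%any
    left=%defaultroute
    leftcert={cert}
    auto=add
    pfs=yes
"""
gateway, client = (effective(parse(TEMPLATE.format(cert=c)), "roadwarrior-net")
                   for c in ("gateway.pem", "gw.frame.co.za.pem"))
print(differences(gateway, client))
```

Apart from `leftcert`, both files resolve to the same settings, including `right=%any` and `auto=add` on each side.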