
Re: VPN gateway



Hello,

I think you are using the ipsec.exe on http://vpn.ebootis.de on the win2k/xp
side to generate the policies.
In this case you should also take a look at
http://vpn.ebootis.de/ipsec-conf.htm for the windoze ipsec.conf

buz

On Son, 2003-05-25 at 17:53, Craig wrote:
> Hi Guys
> 
> Having a few problems with setting up a VPN gateway on Linux, 
> specifically a debian firewall box and having windows 2000 
> boxes authenticate using certs.
> 
> I have generated a cert for the gateway machine using the openssl packages
> and installed it. I have also configured freeswan to the best of my 
> knowledge and then generated a cert for a test windows 2000 machine and
> afaik they are not authenticating.
> 
> Here is a copy of the freeswan config file on the VPN gateway:
> 
> 
> 
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
> 
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
> 
> 
> 
> # basic configuration
> config setup
> 	interfaces=%defaultroute
> 	klipsdebug=none
> 	plutodebug=none
> 	plutoload=%search
> 	plutostart=%search
> 	uniqueids=yes
> 
> 
> 
> # defaults for subsequent connection descriptions
> # (mostly to fix internal defaults which, in retrospect, were badly chosen)
> conn %default
> 	keyingtries=2
> 	compress=yes
> 	disablearrivalcheck=no
> 	authby=rsasig
> 	leftrsasigkey=%cert
> 	rightrsasigkey=%cert
> 
> 
> 
> conn roadwarrior-net
> 	leftsubnet=10.3.0.0/23
> 	also=roadwarrior
> 
> 
> 
> conn roadwarrior
> 	right=%any
> 	left=%defaultroute
> 	leftcert=gateway.pem
> 	auto=add
> 	pfs=yes
> 
> And here is a copy of the ipsec.conf file on the windows 2000 box:
> 
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
> 
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
> 
> 
> 
> # basic configuration
> config setup
> 	interfaces=%defaultroute
> 	klipsdebug=none
> 	plutodebug=none
> 	plutoload=%search
> 	plutostart=%search
> 	uniqueids=yes
> 
> 
> 
> # defaults for subsequent connection descriptions
> # (mostly to fix internal defaults which, in retrospect, were badly chosen)
> conn %default
> 	keyingtries=2
> 	compress=yes
> 	disablearrivalcheck=no
> 	authby=rsasig
> 	leftrsasigkey=%cert
> 	rightrsasigkey=%cert
> 
> 
> 
> conn roadwarrior-net
> 	leftsubnet=10.3.0.0/23
> 	also=roadwarrior
> 
> 
> 
> conn roadwarrior
> 	right=%any
> 	left=%defaultroute
> 	leftcert=gw.frame.co.za.pem
> 	auto=add
> 	pfs=yes
> 
> Any help would be appreciated.
> 
> ..c
> 


