
Re: ipsec (freeswan)



On Mon, Dec 02, 2002 at 10:32:50PM +0100, Ionel Mugurel Ciobica wrote:
> > Have you patched and recompiled your kernel?  You need to install the
> > kernel-patch-freeswan package and go through the steps to build a kernel
> > that includes it.  The kernel-package package will help you patch and
> > build the new kernel, and it's well documented.
> > 
> 
> Yes, I built a new kernel with that patch enabled.

And if you look in /proc/net/ when running this kernel, do you see files
with "ipsec" in their name?

> Also I don't understand this: "Insert the record into DNS, or have a
> system administrator do it for you." There is no way that the sysadmin
> will enter something in the DNS, only because I say so...

You only need to do that if you're using "opportunistic encryption",
where cryptographic keys are being distributed on demand via DNS.  I've
never known anybody to use this mechanism.  You either want pre-shared
keys or X.509 certificates for authentication.  The docs on
www.freeswan.org are pretty good at describing the trade-offs between
the different authentication schemes and will help you figure out how to
configure them.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
