LinuxSA Mailing list archives

  From: <bjohns44@csc.com.au>
  To  : Richard Russell <richard@yellowgoanna.com>
  Date: Tue, 28 May 2002 10:20:30 +0930

Re: FreeS/WAN and PoPToP VPN Hell

We use some VPN appliances for our network connectivity.
However I believe FreeSWAN is supposed to work with these devices (only
after setting up a special type of connection). It does have a problem with
the IKE in that Linux FreeSWAN only supports the normal IKE exchange,
whereas the Windows client and the VPN devices only support the Aggressive IKE
model. (Aggressive is less secure - surprise surprise.)

I know that this situation is a little reversed from yours but you could
double check the Windows client to see that it supports the normal IKE
model (progressive model - I think it might be called).

Regards,
Brandon Johnson
Network Engineer - NES
CSC Australia Tech Park SA
Ph. (W) 08 8343 8892
Ph. (M) 0409 075 136
======================
Esse quam videri
 - To be, rather than to appear




                                                                                                                                       
Richard Russell <richard@yellowgoanna.com>
28/05/2002 09:50 AM

To:      linuxsa@linuxsa.org.au
cc:
Subject: FreeS/WAN and PoPToP VPN Hell




Hi all,

I'm struggling with a VPN setup here...

Situation is that I need secure comms via internet from a Private
192.168.x.y LAN behind a static IP Debian gateway machine to roving
users on Windows 95|98|ME|NT4|2000|XP laptops and home PCs, which
presumably will be on real IPs, but I guess I can't guarantee that.

Pretty normal, eh?

So I've tried both FreeS/WAN (IPSec) and PoPToP (PPTP), and so far, have
failed on each one.

I have ipsec installed and configured on the gateway, no worries. Took a
kernel recompile, but it worked. Created my keys, and away we go. The
other end is harder. The other end, you see, is Windows (XP Pro atm).

Getting a certificate was tough. Eventually, I got two -- one from an MS
testing site, and one from openssl via linux. However, I can't, for the
life of me, figure out how to get the public key out of it. It may be
that I'm just not thinking here...

PoPToP looked easier, but it seems to require kernel patches that aren't
available for my kernel (2.4.18), as well as pppd patches that aren't
available for my version of pppd (2.4.1)... at least, I can't find
them...


Anyone successfully got this running in a similar config -- either ipsec
or pptp? I'd love to have a chat...


rr


--
Richard Russell
Yellow Goanna P/L
e: richard@yellowgoanna.com
m: +61 412 827 805
f: +61 8 8462 2362

--
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject


