On Sep 10, 2008, at 8:29 PM, Philip Prindeville wrote:
> Ok, so legal values of VPN would be:
>
> ""
> "openvpn"
> "racoon"
> "openvpn racoon"
> "racoon openvpn"
>
> right?
>
> -Philip

I vote we stick with the basics for now,

""
"openvpn"
"racoon"

and expand this list if/when there is demand.

People have enough trouble getting one vpn working. ;-)

Lonnie

>
>
>
> Lonnie Abelbeck wrote:
>> Thanks Philip,
>>
>> My point is that if $VPN="", then no vpn should start. OpenVPN
>> currently behaves this way.
>>
>> I am suggesting IPsec should act the same way, ie in racoon.init
>>
>> init()
>> {
>>   if [ "$VPN" -a "$VPN" = "racoon" ]; then
>>     # ...bla bla
>>   fi
>> }
>>
>> currently this is not the behavior.
>>
>> Lonnie
>>
>>
>> On Sep 10, 2008, at 7:43 PM, Philip Prindeville wrote:
>>
>>
>>> Picking up an offline conversation...
>>>
>>> We currently have the "$VPN" variable in /etc/rc.conf just as we do for
>>> the firewall selection...
>>>
>>> Not sure that it's appropriate in the former case. With a firewall, you
>>> really only need 0 or 1.
>>>
>>> But with VPN, you can have mix & match of both VPN-over-IPsec and
>>> VPN-over-SSL (and conceivably VPN-over-L2TP and VPN-over-PPTP and
>>> VPN-over-carrier pigeons and ...) ... well, basically as many instances
>>> and varieties of VPN as are useful to support all the peering
>>> combinations that users might have.
>>>
>>> Lonnie thinks that setting VPN to "ipsec", "openvpn", or "" simplifies
>>> management.
>>>
>>> I think this is an unnecessary constraint on how VPN gets used, and we
>>> should try to make it as flexible as reasonable.
>>>
>>> Anyone else want to contribute their thoughts?
>>>
>>> Thanks,
>>>
>>> -Philip
>>>
>>> Philip Prindeville wrote:
>>>
>>>> I'll look into it.
>>>>
>>>> -Philip
>>>>
>>>>
>>>> Justin Coffi wrote:
>>>>
>>>>
>>>>> I got a nasty error using the built in racoon config in rc.conf using
>>>>> the astlinux-0.6-1934-via.tar.gz image.
>>>>>
>>>>> 09-10-2008 19:50:06 Daemon.Info 192.168.XX.XX racoon: ERROR: /tmp/etc/racoon.conf:8: "sec" NAT-T support not compiled in.
>>>>>
>>>>>
>>>>>
>>>>> Philip Prindeville wrote:
>>>>>
>>>>>
>>>>>> Not even necessary.
>>>>>>
>>>>>> You can run racoon with an alternate config file, as:
>>>>>>
>>>>>> racoon -f /etc/racoon2.conf
>>>>>>
>>>>>> for instance.
>>>>>>
>>>>>>
>>>>>> Justin Coffi wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> I'd like to use racoon as a client (as in Client <---> Server) in VPN
>>>>>>> connections. Can I, in theory, just remove the link to it in /etc/ and
>>>>>>> replace it with a real racoon.conf file located at /mnt/kd/racoon.conf ?
>>>>>>>
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in
> the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to [EMAIL
> PROTECTED]
> .
>
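
The gating discussed in this thread, as an added example that is not part of the original messages and not AstLinux's own init code: a daemon starts only when its name appears in `$VPN`, and an empty `$VPN` starts nothing. It goes beyond the single-value case by also accepting the space-separated lists Philip enumerates; the helper names `vpn_selected` and `init_decision` are hypothetical.

```shell
#!/bin/sh
# Added example, not AstLinux code. Function names are hypothetical.

# Return 0 only if the daemon name in $1 is a whole word in $VPN.
# Empty or unset VPN selects nothing, so no VPN daemon starts by default.
vpn_selected()
{
  want="$1"
  case "$want" in
    ""|*" "*) return 1 ;;   # reject empty or multi-word lookups
  esac
  # Pad both sides with spaces so "racoon" does not match "racoon2".
  # No unquoted expansion of $VPN, so a value like "*" cannot glob.
  case " $VPN " in
    *" $want "*) return 0 ;;
  esac
  return 1
}

# Sketch of how an init script (for example racoon.init) could gate itself.
# It reports the decision instead of launching a daemon, so it is safe to run.
init_decision()
{
  if vpn_selected "$1"; then
    echo "start"
  else
    echo "skip"
  fi
}

# Constructed sample values for VPN, as they might be set in /etc/rc.conf.
for VPN in "" "openvpn" "racoon" "openvpn racoon" "racoon2"; do
  printf 'VPN="%s" -> racoon: %s\n' "$VPN" "$(init_decision racoon)"
done
```
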