On Sunday, 2002-07-21 at 19:48:47 +0100, chris scott wrote: > thanks for all the advice, looks like a much bigger job than I inteneded 8(
I found it a little more complicated than IP-based IPSec, but it gives you more flexibility. The biggest problem was when I screwed up with the srever DN. It took a while to find how you can get the Windows XP client to tell you what it dowsn't like. Typically Micro$oft. "Something went wrong, and as a Windows user we assume you're too stupid to understand what." Grrrr.... Racoon is quite decent, but badly documented. And when I last looked, it lacked CRL (Certificate Revocation List) support. And I needed that for my client, so I had to use FreeS/WAN. Rechecking CRL support, I found this URL: http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html It doesn't say if CRLs work, but it looks helpful for people wanting to do certificates. Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm | To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
