On Thu, Oct 1, 2009 at 5:50 PM, Hewitt_Tech <hewitt_t...@comcast.net> wrote:
>>  Any idea what protocols the LinkSys is using?  IPsec?  IKE?  SSL/TLS?
>>  X.509?
>
> It's definitely using IKE.

  Okay, IPsec with IKE can use PSK or X.509 certificates.  Which one
is your LinkSys using?

  If it's PSK (pre-shared keys, also called a "shared secret"), you
have to enter the same password into both devices.  There will be no
clock time element involved.  So that isn't the problem.  (I think.)

  If it's X.509 certificates, you either register the device with a
Certificate Authority, or you exchange peer certificates between each
device.  X.509 allows the time stuff.  So that *MAY* be the problem.

  If you want to pursue the certificate+time thing: Does the device
have the option of letting you load your own certificate and key?  If
so, you could use OpenSSL's CA support on a Linux box to generate
certificates for each device, specifying a "Not Before" date of
1/1/1900 or whatever the device thinks the date is.

  One word of warning: If you haven't used the OpenSSL CA stuff
already, it is extremely cryptic and very poorly documented.  Even by
Linux standards.  It doesn't help that X.509 is a nightmare, too.  It
will probably be cheaper to just buy a real VPN box than spend the
time and effort in figuring it all out -- especially since we're not
even sure that's the problem.

-- Ben

_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
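
The backdated-certificate approach described in the message above, as an added example that is not part of the original post: a throwaway `openssl ca` setup that issues a CA and a device certificate with a chosen "Not Before" and checks the chain at the time the device believes it is. The names `demo-ca` and `vpn-device-1`, the dates and the config layout are assumptions made for illustration, and it needs an OpenSSL whose `-startdate` accepts four-digit years.

```shell
#!/bin/sh
# Added example (not from the original message); names, dates and paths are constructed.
# Usage: issue_backdated START END DEVICE_CLOCK_EPOCH
# START/END use YYYYMMDDHHMMSSZ; the two-digit-year form cannot express years before 1950.
issue_backdated() {
    start="$1" end="$2" devclock="$3"
    work=$(mktemp -d) || return 1
    (
        cd "$work" && mkdir newcerts && : > index.txt && echo 01 > serial &&
        cat > ca.cnf <<'EOF' &&
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF
        # The CA certificate is backdated as well: a peer that checks validity
        # dates against a clock reading START would treat an issuer dated today
        # as not yet valid.
        openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
            -subj "/CN=demo-ca" -keyout ca.key -out ca.csr 2>/dev/null &&
        openssl ca -batch -notext -config ca.cnf -selfsign -keyfile ca.key \
            -extensions v3_ca -startdate "$start" -enddate "$end" \
            -in ca.csr -out ca.crt 2>/dev/null &&
        openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
            -subj "/CN=vpn-device-1" -keyout dev.key -out dev.csr 2>/dev/null &&
        openssl ca -batch -notext -config ca.cnf -cert ca.crt -keyfile ca.key \
            -startdate "$start" -enddate "$end" \
            -in dev.csr -out dev.crt 2>/dev/null &&
        # Confirm the chain validates at the time the device believes it is.
        openssl verify -CAfile ca.crt -attime "$devclock" dev.crt >/dev/null 2>&1 &&
        openssl x509 -in dev.crt -noout -startdate
    )
    rc=$?
    rm -rf "$work"
    return $rc
}
```

The function prints the device certificate's `notBefore` line and returns non-zero if any step fails, including the validity check at the supplied device clock time.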
