PLEASE help me by telling me how the road warrior problem (i.e. DHCP assigned
address) with MS IPSec was solved. The FreeS/WAN docs on interop said it was
solved (see attached) but don't say how.
HOW???
FreeS/WAN-to-Win2000 interop
As for IPSEC interoperation between Windows 2000 and FreeS/WAN, there are
several web sites listed under Interop HowTo documents above.
Here is a discussion from the mailing list:
From: "Jean-Francois Nadeau" <[EMAIL PROTECTED]>
Subject: Win2000 IPsec interop. in tunnel mode
Date: Tue, 29 Feb 2000
This was a pain.... but it worked. ;)
Win2000 Server against Freeswan 1.1 in tunnel mode is a success.
My Setup
Freeswan :
Kernel 2.2.12 running Freeswan 1.1
Using 3DES-MD5 and PreShared Keys.
Win2000
M$ Win2000 Advanced server patched for 3DES
Here's the setup for the Win2000 Server.
Open an MMC with the IPsec Security policy editor snap-in.
Create a new IP Security Policy.
Create 2 IP SECURITY RULES. One for inbound traffic and one for outbound
traffic (see below)
Create 2 IP FILTERS. One for inbound traffic and one for outbound traffic
(see below)
Assign the inbound IP SECURITY RULE to the inbound IP FILTERS, same for
outbound.
Select both IP SECURITY RULES.
Select your IP Security Policy, right click and ASSIGN.
We need an example to clarify that !@#! logic :
In freeswan :
conn Interop_Testing
    left=1.2.3.4
    leftsubnet=10.0.0.0/8
    right=9.8.7.6
    rightsubnet=192.168.0.0/24
In Win2000
IP Security Policy : Interop_Testing
**********
1st IP Security rule : Left_to_Right
IP Filter List : Left_to_Right
Source Address = 1.2.3.4
Destination Address = A specific Subnet = 192.168.0.0 255.255.255.0
Filter Action : Request Security
Connections type : All connections
Tunnel Settings : Endpoint = 9.8.7.6
Authentication Method = PreSharedKey=yourkey
***********
**********
2nd IP Security rule : Right_to_Left
IP Filter List : Right_to_Left
Source Address = 9.8.7.6
Destination Address = A specific Subnet = 10.0.0.0 255.0.0.0
Filter Action : Request Security
Connections type : All connections
Tunnel Settings : Endpoint = 1.2.3.4
Authentication Method = PreSharedKey=yourkey
***********
HINTS :
Do not use mirroring in your IP filters.
Move your main proposal to the top (in my case 3DES-MD5)
Enable PFS.
It worked... but a RoadWarrior configuration doesn't seem to be
possible here (must specify both Endpoints and 0.0.0.0 is not acceptable).
Jean-Francois Nadeau
Microlfex.
The RoadWarrior problem has since been solved. RSA authentication has been
added to FreeS/WAN since the above message was posted.
Keith Laidlaw
Manager of Engineering
Dakins Engineering Group Ltd.
tel: (905) 814-6024
fax: (905) 814-6029
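
Added example (not part of the original message or the FreeS/WAN docs): Python that derives the two one-way Win2000 rules from the FreeS/WAN conn section, using the same mapping as the quoted setup, and rejects a wildcard endpoint, which is the road-warrior limitation noted in the quoted message. The function names and dictionary keys are hypothetical, and the sample conn text is constructed from the values in the message.

```python
import ipaddress

# Constructed sample: the conn section from the message, in ipsec.conf syntax.
SAMPLE_CONN = """\
conn Interop_Testing
    left=1.2.3.4
    leftsubnet=10.0.0.0/8
    right=9.8.7.6
    rightsubnet=192.168.0.0/24
"""

def parse_conn(text):
    """Return (name, {key: value}) for a single conn section."""
    name, params = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        if line.startswith("conn "):
            name = line.split(None, 1)[1]
        elif "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return name, params

def endpoint(value):
    """Both endpoints must be specific addresses; wildcards are rejected."""
    if value in ("%any", "0.0.0.0"):  # %any is FreeS/WAN's wildcard peer
        raise ValueError("tunnel endpoint must be a specific address")
    return str(ipaddress.IPv4Address(value))

def win2000_rules(text):
    """Build the two one-way (non-mirrored) rules described in the message."""
    name, p = parse_conn(text)
    rules = []
    for tag, src, dst_net, peer in (
        ("Left_to_Right", p["left"], p["rightsubnet"], p["right"]),
        ("Right_to_Left", p["right"], p["leftsubnet"], p["left"]),
    ):
        net = ipaddress.IPv4Network(dst_net)  # CIDR -> address + dotted mask
        rules.append({
            "policy": name,
            "rule": tag,
            "source": endpoint(src),
            "destination": f"{net.network_address} {net.netmask}",
            "tunnel_endpoint": endpoint(peer),
            "mirrored": False,  # per the hint: no mirroring in the filters
        })
    return rules
```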