> I found Felippe Piazza article in > www.strongsec.com/freeswan on how to accomplish this > using Open PGP certificates without the x509 > certificates. > > The article indicates that a patch must be made to the > kernel of linux to get this to work which strangely > enough is the x509 patch. > > In C. Steinkuehler documentation of the Dachstein CD > he indicates that a support lrp is available as > ipsec509.lrp to be included on the floppy's > pkgpath.cfg file along with the regular ipsec.lrp. > > So finally the question, does the ipsec509.lrp file > include the patch to pluto and kernel modifications so > that Open PGP certificates will work with the > Dachstein IPSEC?
If you're running the CD version of Dachstein, and loading the ipsec and ipsec509 packages, you should be able to use x.509 certificates as authentication keys. > The Dachstein firewall/VPN functions great between > linux firewalls but I cannot seem to get the M$ > product to talk. I don't acutally use certificates, so I haven't verified everything works personally. I do know, however, that there are numerous configuration problems on the windows side if you're not using the entire MS VPN framework. You might ask on the ipsec list (or search the archives) about configuring windows and FreeS/WAN to talk to each other using certificates. You'll also need to import the certificates into freeswan...I have the openssl and fswcert programs to do this available for download from the ipsec pacakge page on my website, if you don't have an alternative linux box to run the programs on... I also seem to remember something odd about PGP cert's...I think they're stored in yet another format, and require a different program to extract their data on a linux system, but I'm not sure...the FreeS/WAN docs & mailing list will be your best source of info. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
