Mr. Steinkuehler thank you for your very prompt reply. Your very valid point below about PGP certificates being in a different format is very true. A key extractor is available at www.zengl.net/freeswan that will pull usable information from the PGP keys. This only works for versions up to 6.5.x of PGP.
An excellent article on freeswan -> PGPnet through a linksys router is available from http://www-ec.njit.edu/~rxt1077/Howto.txt which deals with x509 certificates. I was hoping to avoid the certificate issue and go direct with open PGP certificates. --- Charles Steinkuehler <[EMAIL PROTECTED]> wrote: > > I found Felippe Piazza article in > > www.strongsec.com/freeswan on how to accomplish > this > > using Open PGP certificates without the x509 > > certificates. > > > > The article indicates that a patch must be made to > the > > kernel of linux to get this to work which > strangely > > enough is the x509 patch. > > > > In C. Steinkuehler documentation of the Dachstein > CD > > he indicates that a support lrp is available as > > ipsec509.lrp to be included on the floppy's > > pkgpath.cfg file along with the regular ipsec.lrp. > > > > So finally the question, does the ipsec509.lrp > file > > include the patch to pluto and kernel > modifications so > > that Open PGP certificates will work with the > > Dachstein IPSEC? > > If you're running the CD version of Dachstein, and > loading the ipsec and > ipsec509 packages, you should be able to use x.509 > certificates as > authentication keys. > > > The Dachstein firewall/VPN functions great between > > linux firewalls but I cannot seem to get the M$ > > product to talk. > > I don't acutally use certificates, so I haven't > verified everything works > personally. I do know, however, that there are > numerous configuration > problems on the windows side if you're not using the > entire MS VPN > framework. You might ask on the ipsec list (or > search the archives) about > configuring windows and FreeS/WAN to talk to each > other using certificates. > You'll also need to import the certificates into > freeswan...I have the > openssl and fswcert programs to do this available > for download from the > ipsec pacakge page on my website, if you don't have > an alternative linux box > to run the programs on... > > I also seem to remember something odd about PGP > cert's...I think they're > stored in yet another format, and require a > different program to extract > their data on a linux system, but I'm not sure...the > FreeS/WAN docs & > mailing list will be your best source of info. > > Charles Steinkuehler > http://lrp.steinkuehler.net > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > > > > _______________________________________________ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
