I see the point about the white space indention; the formatting must not have been kept in my original email. I believe that this is everything I need now to get this working. I'll be working on it this evening. Thanks for the help everyone...

Joey

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler
Sent: Monday, March 04, 2002 11:19 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] ipsec.conf and ipsec.secrets

List added back to thread...

> One last question, regarding ipsec.secrets, this is unique to each machine,
> correct? And I put the entire output from ipsec rsasigkey into that within
> the {}. Or (like I read once before) do I create an entry for each
> machine something like
>
> @shop : RSA
> {
> <output from ipsec rsasigkey>
> }
>
> @home : RSA
> {
> <output from ipsec rsasigkey>
> }
>
> this doesn't seem right since the output should be kept private, but I read
> that through one of the man pages. Or, do I simply put the output from the
> ipsec rsasigkey into the ipsec.secrets for each unique box?

For RSA keys, each machine needs its own *COMPLETE* RSA key in ipsec.secrets. *BOTH* endpoints of the VPN need the public portion of the key in ipsec.conf.

Please note that your format above will not work for ipsec.secrets...you're missing the required whitespace at the beginning of the RSA key lines. You want something more like:

: rsa {
	<rsa-key-stuff>
	<more-rsa-key-stuff>
	<more-rsa-key-stuff>
	<more-rsa-key-stuff>
	}

Note everything but the ": rsa" line is indented with whitespace...FreeS/WAN is *VERY* picky about this. See the ipsec.secrets man page for all the gory formatting details, but the above (filled in properly with real RSA key info) is enough of an ipsec.secrets file for most RSA applications.

Unless you're trying to use multiple RSA keys on the same system (i.e. different RSA keys for different VPN links), you don't need any identifying information (the @home and @shop in your example).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
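
The whitespace rule from the reply above, as an added example that is not part of the original thread or of FreeS/WAN: a small Python checker that flags lines inside an RSA entry of ipsec.secrets that do not begin with whitespace, and entries that are never closed. The function name and sample texts are constructed for illustration, the key bodies are the thread's own placeholders, and skipping comment lines is a simplification assumed here.

```python
import re

# An entry begins at the left margin: optional IDs, then ": rsa" (any case).
ENTRY_START = re.compile(r"^(?!\s)[^#]*:\s*rsa\b", re.IGNORECASE)
UNCLOSED = "RSA entry is never closed with '}'"


def check_rsa_indentation(text):
    """Return (line_number, message) pairs for layout problems in RSA entries."""
    problems = []
    entry_line = None  # line number where the currently open RSA entry began
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are skipped (simplification)
        if ENTRY_START.match(line):
            if entry_line is not None:
                problems.append((entry_line, UNCLOSED))
            entry_line = number
        elif entry_line is None:
            continue  # outside any RSA entry, nothing to check here
        elif line[0] not in " \t":
            problems.append((number, "line inside RSA entry is not indented"))
        if "}" in line:
            entry_line = None  # closing brace ends the entry
    if entry_line is not None:
        problems.append((entry_line, UNCLOSED))
    return problems


# Constructed sample: the layout from the question (nothing indented).
UNINDENTED = "@shop : RSA\n{\n<output from ipsec rsasigkey>\n}\n"

# Constructed sample: the layout from the reply (all but the first line indented).
INDENTED = (
    ": rsa {\n"
    "\t<rsa-key-stuff>\n"
    "\t<more-rsa-key-stuff>\n"
    "\t}\n"
)

if __name__ == "__main__":
    for name, sample in (("unindented", UNINDENTED), ("indented", INDENTED)):
        found = check_rsa_indentation(sample)
        print(name, "OK" if not found else found)
```

Because ipsec.secrets holds the complete private key, run a check like this on the machine that owns the file rather than copying the file elsewhere.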
