> 1) Am I correct in understanding that the private key for each Gateway
> goes in ipsec.secrets. While the public key goes in ipsec.conf left &
> right respectively?

You need at least one private key in ipsec.secrets (the RSA key for the local machine). You need two public RSA keys in ipsec.conf (the public portion of the key used on each end of the connection).

> 2) How does IPsec know the FQDN of each gateway, and do I just set it in
> network.conf? For example: leftid=office.company.com and
> rightid=home.company.com. Do I set the host name of the office machine to
> office and the domain as company.com in the network.conf or is there more
> to it than that?

For the complete answer, see the FreeS/WAN documentation. The short answer from memory is that IDs on both ends need to match. To prevent any IP renumbering and/or DNS problems from breaking VPN links, I always assign "non-resolved" IDs to both ends. In other words:

leftid=office.company.com

Will use name resolution to come up with an IP address, which will be used as left ID.

[EMAIL PROTECTED]

Will use "office.company.com" as the left ID, which (in my networks at least) tends to be less prone to change than the IP address...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
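
The key and ID layout described in the reply above, as an added example that is not part of the original message. The conn name, IP addresses and key strings are constructed placeholders; the "@" prefix is the form the FreeS/WAN ipsec.conf documentation gives for an ID that is used as a literal string and not resolved.

```conf
# /etc/ipsec.conf: the same conn section is installed on BOTH gateways.
# Constructed example: conn name, addresses and key strings are placeholders.
conn office-home
        authby=rsasig
        # left = office gateway
        left=192.0.2.10
        # Without "@" the name is resolved and the resulting IP becomes the ID:
        #leftid=office.company.com
        # With "@" the string itself is the ID, so DNS or renumbering
        # changes do not alter what the peer has to match:
        leftid=@office.company.com
        # public half of the office gateway's RSA key
        leftrsasigkey=0sAQ...OFFICE-PUBLIC-KEY-PLACEHOLDER
        # right = home gateway
        right=198.51.100.20
        rightid=@home.company.com
        # public half of the home gateway's RSA key
        rightrsasigkey=0sAQ...HOME-PUBLIC-KEY-PLACEHOLDER
        auto=add

# /etc/ipsec.secrets on the office gateway only (readable by root only).
# It holds this machine's private key; the home gateway keeps its own
# private key in its own ipsec.secrets, and neither file leaves its host.
: RSA   {
        # key fields as generated by "ipsec rsasigkey" on this host
        # (placeholder: paste the generated output here)
        }
```

Both ends must carry identical leftid/rightid values, and only the public key strings are ever copied between the two machines.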
