On 9/1/02 7:55 AM, Claus Johansen <[EMAIL PROTECTED]> declared:

> Hi all,
>
> Has anyone out there been using ipsec509 in a production environment with MS
> Windows road warrior clients?

Yes, after careful planning and reading.

> 1.)
> There's no way to tear down a tunnel, it stays active until it times out. A client
> trying to reconnect within that period will fail.

If shorewall (on bering) is set up correctly, closing and reopening a tunnel is no problem at all. Using SSH Sentinel from a win98 box, I can do it as much as I like. Spend some time on the shorewall docs. Tom was kind enough to point me in the direction of this little gem for shorewall:

http://www.shorewall.net/IPSEC.htm

> 2.)
> There's no way to set up temporary network settings (e.g. WINS) for the MS clients
> for the duration of the connection. This means that they either work with the
> "tunneled" network and no other, or they will have very limited functionality
> through the tunnel (because of NetBIOS limitations).

This would rely on the client setup and not the tunnel. For example, when using a VPN appliance, have it hand out the WINS address of the server at the other end of the tunnel via DHCP. If you're using client VPN software like SSH Sentinel, there is usually a setting for WINS, DHCP, DNS etc. in the software. While the tunnel is active, the settings are in place. WINS works great (for a M$ product) through an IPSEC tunnel, and works well with other protocols.

> If I've missed something here and there are feasible solutions, I'd very much like
> to hear about it!

Again, spend some time planning, and reading. Your needs identified here can be easily fulfilled, no problem.

-Jeff

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
