Hello everyone,
How do you guys go about with subnet-2-subnet VPN Interop
between Dachstein1.0.2 and WIN2K? If I were to use
"fswcert" extracted RSA keys from my serverkey.pem (since
FSwan lower than 1.96 does not support the RSA cert key
line declaration in ipsec.secrets), and place the p12 cert extract
of my clientcert.pem on the WIN2K side, I'm assuming that my
DS ipsec.conf and ipsec.secrets should look like this:

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=0
        left=<DS external IP>
        leftsubnet=<DS internal net/nmask>
        leftnexthop=<DS GW>
        pfs=yes

conn WIN2K
        authby=rsasig
        leftrsasigkey=<fswcert -l -c servercert.pem>
        leftid="C=PH, ST=MLA, L=MKT, O=DG, ...
        right=<WIN2K external IP>
        rightsubnet=<WIN2K internal net/nmask>
        rightid="C=PH, ST=MLA, L=MKT, O=DG, ...
        auto=start

...and that my ipsec.secrets should look like this:

: RSA   {
        Modulus: 0xAC9ED09EFD9BB372E786...
        PublicExponent: 0x010001
        PrivateExponent: 0xA8C7B3F5F0C45F8637...
        Prime1: 0xDBB216C4EE5BE5E6E7...
        Prime2: 0xC92545EB78766E8D8C4...
        Exponent1: 0x8F1A8CEC501AFA411330...
        Exponent2: 0x9770A6A9D872625DD3E6...
        Coefficient: 0x7A92B6B9707FC9704C575...
        }

Is there something wrong with my settings above?
I also referred to the "Bering" site on how to set up the WIN2K machine.
And I have also seen other docs stating that PSK is enough to achieve the above
subnet-2-subnet interop, even with FSwan as low as v1.1.
But I can't get my above requirements right. :o(
I thought I can get away w/o having to do a WIN2K interop, but then
again ....
TIA - Vic
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
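
An added example, not part of the original post and not LEAF or FreeS/WAN code: a small Python lint for an ipsec.conf laid out like the one above. It checks that section headers start in column 1 and parameters are indented, merges "conn %default" into each conn, and reports which per-side entries are unset on conns using authby=rsasig. The function names, the sample addresses and the key value are constructed placeholders; that each end needs its own address and rsasigkey entry is the assumption being checked.

```python
import re

# Constructed sample in the layout of the post; addresses and key are placeholders.
SAMPLE = """\
conn %default
    left=192.0.2.1
    leftsubnet=10.0.1.0/24

conn WIN2K
    authby=rsasig
    leftrsasigkey=0sPLACEHOLDER
    leftid="C=PH, O=Example, CN=gw"
    right=198.51.100.7
    rightid="C=PH, O=Example, CN=win2k"
    auto=start
"""

def parse(text):
    """Return ({(kind, name): {param: value}}, [layout errors])."""
    sections, errors, current = {}, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if raw[0] not in " \t":                       # column 1 starts a section
            m = re.fullmatch(r"(config|conn)\s+(\S+)\s*", raw)
            if not m:
                errors.append(f"line {no}: expected 'config setup' or 'conn <name>'")
                current = None
                continue
            current = sections.setdefault(m.groups(), {})
        elif current is None or "=" not in raw:
            errors.append(f"line {no}: parameter outside a section or missing '='")
        else:
            key, value = raw.strip().split("=", 1)    # values may contain '='
            current[key.strip()] = value.strip()
    return sections, errors

def rsasig_gaps(sections):
    """For each conn using authby=rsasig, list unset per-side entries."""
    defaults = sections.get(("conn", "%default"), {})
    gaps = {}
    for (kind, name), params in sections.items():
        if kind != "conn" or name == "%default":
            continue
        merged = {**defaults, **params}               # conn values override defaults
        if merged.get("authby") == "rsasig":
            need = [s + k for s in ("left", "right") for k in ("", "rsasigkey")]
            gaps[name] = [k for k in need if k not in merged]
    return gaps
```

Running parse() on a file whose indentation was lost in transit flags every parameter line, which separates a mangled copy from a key or address that is actually missing.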