Hello Charles and Lynn,

Once more your comments and suggestions are well noted. I'll try using PSK, and I hope this works. This means clearing all the certs and der file I've created in /etc/.. and /etc/ipsec.d, right? And if this is possible, I won't need x509 at all! hhhmmm... simpler... cleaner... anyways, I'll try.

Regards - Vic

> --__--__--
>
> Message: 10
> Date: Sat, 25 Jan 2003 10:27:46 -0600
> From: Charles Steinkuehler <[EMAIL PROTECTED]>
> To: "Victor B. Berdin" <[EMAIL PROTECTED]>
> CC: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] DS 2.2.19+FSwan1.91+WIN2K=sub2sub VPN interop?
>
> 1) I hope you are aware of the various limitations of the built-in
> Windows IPSec client? There are at least two issues I've heard of that
> could be causing you problems, including the fact that you don't get
> 3DES support without installing a security patch (although you get the
> "check-box" regardless, so you can mistakenly believe you're running 3DES
> on the Windows side when in reality it will only negotiate 1DES.
> FreeS/WAN, of course, will refuse to talk 1DES).
>
> The other issue is the fact that only some flavors of Win2K (server
> and/or advanced-server, IIRC) will do gateway-gateway connections. I
> think all that's supported on 2K-Pro is host-host or host-subnet, with
> the 2K-Pro end being a host, and the remote end being a subnet or gateway.
>
> 2) I have used the ssh sentinel client to connect W2K-Pro to FreeS/WAN
> using shared-secrets. While I implemented a host-subnet connection, I
> believe ssh sentinel does support subnet-subnet links. While it is not
> free, the price for ssh sentinel is pretty reasonable, and I think it's
> a lot easier to configure than the built-in M$ client, and it's way
> cheaper than a server or advanced-server license, if you're trying to
> use 2K-Pro for a subnet-subnet connection.
>
> Message: 13
> From: Lynn Avants <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] DS 2.2.19+FSwan1.91+WIN2K=sub2sub VPN interop?
> Date: Sat, 25 Jan 2003 13:55:03 -0600
>
> Check an RSA key on a linux box..... I think you'll find a different format
> than what you have posted. I doubt this format will work at all using a
> key from a cert, but you have other missing required information in your
> setup. "ipsec barf" will provide more information about the failure(s) to
> connect. I would highly suggest getting this to work with PSK first and
> make sure everything else works rather than attempting everything
> first...... there are tons of errors that can be easy to make outside of
> the authentication method.
> --
> ~Lynn Avants
> Linux Embedded Appliance Firewall developer
> http://leaf.sourceforge.net
