My posts seem to keep getting rejected by the list server. Hopefully this one 
will work.

I have run into a huge problem with ipsec.lrp which is preventing an 
enterprise-wide deployment of Bering 1.2 with ipsec. I believe the problem 
would also exist with the uClibc distro as well, although I have not tested it 
since I do not have a Bering uClibc installation to test on.

The problem is as follows: 

Super FreeS/WAN 1.99.6.2, on which the Bering  1.2 ipsec.lrp is based, has 
a known problem which prevents the use of wildcards in Distinguished 
Names inside ipsec.conf to specify client ids (rightid, leftid). This is pretty 
much a requirement when deploying in an enterprise since you want to 
identify available tunnels according to functional groups of people (i.e. sales 
has one tunnel, development a second, etc.). See 
http://lists.virus.org/freeswan-0305/msg00774.html for a complete discussion 
of the problem. The offending version of the X.509 patch which is included in 
SFS 1.99.6.2 is X.509 0.9.28.

This problem is fixed with X.509 0.9.30, which is rolled into Super 
FreeS/WAN 1.99.7.2. Could some kind soul (Jacques perhaps?) please build 
a new ipsec.lrp with the latest Super FreeS/WAN release so that this problem 
can be fixed in Bering?

I know that building ipsec.lrp is non-trivial and I would be greatly indebted to 
anyone who builds and releases the new package.

-- 
____________________________________________________________
Muiz Motani
Intelligent Distribution
72-6800 Lynas Lane, Richmond, B.C.  V7C 5E2
email: [EMAIL PROTECTED]
phone: +1 604 448 9293     fax: +1 604 448 9296



-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to