Hi

At 21:07 28.04.2004, Muiz Motani wrote:
> My posts seem to keep getting rejected by the list server. Hopefully this one
> will work.
>
> I have run into a huge problem with ipsec.lrp which is preventing an
> enterprise-wide deployment of Bering 1.2 with ipsec. I believe the problem
> would also exist with the uClibc distro as well, although I have not tested it
> since I do not have a Bering uClibc installation to test on.
>
> The problem is as follows:
>
> Super FreeS/WAN 1.99.6.2, on which the Bering 1.2 ipsec.lrp is based, has
> a known problem which prevents the use of wildcards in Distinguished
> Names inside ipsec.conf to specify client ids (rightid, leftid). This is pretty
> much a requirement when deploying in an enterprise since you want to
> identify available tunnels according to functional groups of people (i.e. sales
> has one tunnel, development a second, etc.). See
> http://lists.virus.org/freeswan-0305/msg00774.html for a complete discussion
> of the problem. The offending version of the X.509 patch which is included in
> SFS 1.99.6.2 is X.509 0.9.28.
>
> This problem is fixed with X.509 0.9.30, which is rolled into Super
> FreeS/WAN 1.99.7.2. Could some kind soul (Jacques perhaps?) please build
> a new ipsec.lrp with the latest Super FreeS/WAN release so that this problem
> can be fixed in Bering?

I ran into this myself, and therefore had to individually define connection IDs for each remote station. I am in the (slow) process of building a 2.4.24 kernel with OpenSwan 1.0.1 for Bering1.2x to overcome this. Just keep pushing me....


cheers
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
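
Added example, not part of the original message and not FreeS/WAN code: a simplified Python model of the wildcard DN matching discussed above, where one connection per functional group is selected from the peer certificate's subject DN. The DN values, connection names and the matching rules used here (a `*` replaces one whole RDN value, RDN count and order must match, values compare case-insensitively, fewest wildcards wins) are assumptions for illustration.

```python
# Added illustration: per-group tunnel selection by wildcard DN.
# Simplified model: DNs are split on "," (no escaped commas), RDN order
# matters, and "*" may stand in for one whole RDN value only.

def parse_dn(dn):
    """Return a DN as a list of (attribute, value) pairs."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def match_dn(pattern, subject):
    """Return the number of wildcards used, or None if there is no match."""
    pat, sub = parse_dn(pattern), parse_dn(subject)
    if len(pat) != len(sub):
        return None          # a wildcard never absorbs extra RDNs
    wildcards = 0
    for (p_attr, p_val), (s_attr, s_val) in zip(pat, sub):
        if p_attr != s_attr:
            return None
        if p_val == "*":
            wildcards += 1
        elif p_val.lower() != s_val.lower():
            return None      # fixed RDNs (C, O, OU) must match exactly
    return wildcards

def select_conn(conns, subject):
    """Pick the matching connection with the fewest wildcards (most specific)."""
    best = None
    for name, rightid in conns.items():
        score = match_dn(rightid, subject)
        if score is not None and (best is None or score < best[0]):
            best = (score, name)
    return best[1] if best else None   # None: no tunnel for this peer

# Constructed sample data (hypothetical organisation and connection names).
CONNS = {
    "sales": "C=CH, O=Example, OU=Sales, CN=*",
    "devel": "C=CH, O=Example, OU=Development, CN=*",
    "admin-laptop": "C=CH, O=Example, OU=Development, CN=alice",
}

if __name__ == "__main__":
    for peer in ("C=CH, O=Example, OU=Sales, CN=bob",
                 "C=CH, O=Other, OU=Sales, CN=bob"):
        print(peer, "->", select_conn(CONNS, peer))
```
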




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html