Dear list.
I have X.509 certificates and private keys generated by openssl.
I am currently using these to support an openvpn tunnel between two
Bering 1.2 firewalls "home" and "office". viz:
tls-server
dh dh1024.pem
ca itec-ca.crt
cert office.crt
key office.key

I would like to transition to certificates with ipsec, which I also have
running on both Bering fw's. It successfully supports a road warrior mode
for a laptop anywhere outside office-fw, but it is currently Preshared
Key.

I see no reason why I could not use the same certificates and keys on my
ipsec connections.

I have office.cert and office.key, which could be used on the office fw.
Then, for roadwarrior mode, I may as well use home.cert and home.key on
the laptop.

A handful of questions:
First, how do I use the dh1024.pem file with ipsec?

Second --
I am getting confused by some of the file formats, and I have this from
the www.strongsec.com/freeswan/install.htm page:
that freeswan can automatically detect base64 pem format versus binary
DER format. Is binary DER what openssl generates as a .crt file? And
what is PKCS#12, PKCS#7?

Finally, there does not seem to be any config in ipsec.conf to identify
the CA certificate file. Is this done automatically from some directory?

TIA
Rick.

leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html