ipsec.conf + RoadWarrior
Hi, I'm trying to setup the following IPsec scenario. 1. Clients are either OS X or Windows connecting from arbitrary IPs and hostnames and sometimes behind NAT connections. 2. OpenBSD 4.4 server. I have certificates created and signed by our CA with the e-mail address used as the UFQDN in the subjectAltName field. Similarly I have a certificate for the firewall with its IP address in the subjectAltName. The internal network is the subnet 192.168.0/24 and I would like to have addresses in the 192.168.1/24 range assigned to the VPN connections. I was wondering how this would be done with ipsec.conf? I have previously configured a similar setup using isakmpd.conf, but the examples for ipsec.conf only seem to address cases where both ends have hostnames or IP addresses that are known. In this case I don't have any idea of the client (except the cert). Anyone know how to do this? I was also wondering if its somehow possible to assign IP addresses dynamically in the 192.168.1/24 net for the clients? Previously I had a hardcoded IP for each client. Best regards, Edvard Fagerholm
Re: Sun Fire X2100 M2
Hi, Thanks for the input about the X2100 M2. This seems to be exactly what I was looking for. I've still got two questions, which is OT regarding OpenBSD... On Sun's webpages you'll only find options for a 250GB and 500GB SATA drive. Their manual also states that the M2 only supports drives of 250GB and 500GB. This seems like they're only listing the hardware that they provide support for and not what the BIOS actually supports? It does have an MCP 55 Pro chipset, so it should support any SATA drive, right? As I've got some 36GB WD Raptor SATA I drives, I was going to use them instead of the drives Sun provides. The second question is that are the drive bays empty or do they have HD sleds in them? Also can you install any DVD-drive you want into it and does the DVD require SATA or a PATA connection? I'm only going to need a DVD for installation. Sun didn't want to answer the first question, so I hope some of you who have seen the box could answer these questions. Thanks, Edvard
