IPSEC gateway serving rogue laptops
I have been trying to set up a vpn concentrator using isakmpd and ipsec, where clients are laptops on the run, and my vpn concentrator is on a static IP. To start with, I want to use a setup as simple as possible, and use only psk for authentication. No certificates or anything like that. I am having trouble finding information on the subject, both on forums and list archives. I know this is kind of a spoon feeding request, but is anyone aware of a good source of information, how-to or guide regarding this? IPSEC has a kind of steep learning curve, and I am by no means an expert. When we set up LAN-LAN IPSEC tunnels with static publics, everything is as simple as can be. Not so much so when I try to serve rogue clients with identical configs, it appears. I am aware of the flaws in such a crude setup, but I dont need pointers about that. Any information or links would be highly appreciated.
Re: IPSEC gateway serving rogue laptops
On Wed, Dec 21, 2011 at 3:25 PM, Henrik Engmark h...@tti.se wrote: I have been trying to set up a vpn concentrator using isakmpd and ipsec, where clients are laptops on the run, and my vpn concentrator is on a static IP. To start with, I want to use a setup as simple as possible, and use only psk for authentication. No certificates or anything like that. I am having trouble finding information on the subject, both on forums and list archives. I know this is kind of a spoon feeding request, but is anyone aware of a good source of information, how-to or guide regarding this? IPSEC has a kind of steep learning curve, and I am by no means an expert. When we set up LAN-LAN IPSEC tunnels with static publics, everything is as simple as can be. Not so much so when I try to serve rogue clients with identical configs, it appears. I am aware of the flaws in such a crude setup, but I dont need pointers about that. Any information or links would be highly appreciated. http://undeadly.org/cgi?action=articlesid=20090903183235 http://www.kernel-panic.it/openbsd/vpn/
Re: IPSEC gateway serving rogue laptops
On 2011-12-21, Henrik Engmark h...@tti.se wrote: I have been trying to set up a vpn concentrator using isakmpd and ipsec, where clients are laptops on the run, and my vpn concentrator is on a static IP. To start with, I want to use a setup as simple as possible, and use only psk for authentication. No certificates or anything like that. I am having trouble finding information on the subject, both on forums and list archives. The manuals are probably a better place to start: try ipsec.conf(5), isakmpd(8), ipsec(4). I know this is kind of a spoon feeding request, but is anyone aware of a good source of information, how-to or guide regarding this? IPSEC has a kind of steep learning curve, and I am by no means an expert. When we set up LAN-LAN IPSEC tunnels with static publics, everything is as simple as can be. Not so much so when I try to serve rogue clients with identical configs, it appears. Here's a very brief starter: ike passive esp for the central site ike dynamic esp on the laptops