RE: Contivity VPN woes

2002-11-21 Thread Kenneth E. Lussier
On Wed, 2002-11-20 at 20:58, [EMAIL PROTECTED] wrote: For those who are wondering: In IPsec automatic keying with IKE (Internet Key Exchange), each peer has to have an identity. With X.509 certificates, the ID is almost always the DN (Distinguished Name) of the certificate of that peer.

RE: Contivity VPN woes

2002-11-21 Thread bscott
On 21 Nov 2002, at 8:30am, [EMAIL PROTECTED] wrote: However, I have to say that I have done IPSec through NAT using PSKs and it works fine. IKE isn't the real trouble spot, usually. Except that I have noticed that IKE using an ID type of IP_ADDR, PSKs, and aggressive mode is a lot more

Re: Contivity VPN woes

2002-11-20 Thread Thomas Charron
Quoting [EMAIL PROTECTED]: It wasn't clear if you didn't follow the thread from the start, but we were talking about IPsec and PPTP masquerading support, not the actual PPTP or IPsec endpoint implementations. Of course, the masquerade modules don't appear to be present, either. :-) I

RE: Contivity VPN woes

2002-11-20 Thread bscott
On Wed, 20 Nov 2002, at 6:29am, [EMAIL PROTECTED] wrote: NAT and IPsec don't get along in three major ways: better make that four ... there is one case involving pre-shared keys and nat'd connections that may be relevant here. Oh, yeah, I forgot all about Pre-Shared Keys. (I avoid PSKs

RE: Contivity VPN woes

2002-11-18 Thread bscott
On Sun, 17 Nov 2002, at 10:57pm, [EMAIL PROTECTED] wrote: just a point of clarification for when you are setting up your firewall rules, esp is ip protocol 50 (see rfc 2406) and ah is ip protocol 51 (see rfc 2402). Doh! I even checked those against /etc/protocols and I *still* got them

Re: Contivity VPN woes

2002-11-18 Thread bscott
On Mon, 18 Nov 2002, at 4:45pm, [EMAIL PROTECTED] wrote: Also to note that there are ip_masq modules specifically for pptp AND ipsec that, if I recall correctly, take care of the majority of these for you. Personally, I load the pptp module, and require no further configuration. IPSec, etc,

Re: Contivity VPN woes

2002-11-18 Thread Thomas Charron
Quoting [EMAIL PROTECTED]: It depends. If all you need is a single node behind the NAT doing IPsec, loading the modules is sufficient. (If you have them. I note, for example, on my RHL 7.3 / kernel 2.4.18 system, that no pre-compiled modules mentioning IPsec or PPTP exist.) Hrm,

Re: Contivity VPN woes

2002-11-18 Thread Paul Iadonisi
On Mon, 2002-11-18 at 22:25, [EMAIL PROTECTED] wrote: On Mon, 18 Nov 2002, at 5:53pm, [EMAIL PROTECTED] wrote: I note, for example, on my RHL 7.3 / kernel 2.4.18 system, that no pre-compiled modules mentioning IPsec or PPTP exist. Hrm, pretty sure at least the pptp module was in 2.4.15

RE: Contivity VPN woes

2002-11-17 Thread Paul Moore
-Original Message- From: [EMAIL PROTECTED] To: Greater NH Linux User Group Subject: Re: Contivity VPN woes On Sat, 16 Nov 2002, at 11:15am, [EMAIL PROTECTED] wrote: Please inform your husband that his firewall needs to allow outbound UDP port 50 and IP protocol 500. {snip

Re: Contivity VPN woes

2002-11-16 Thread Thomas Charron
Quoting Michael O'Donnell [EMAIL PROTECTED]: Please inform your husband that his firewall needs to allow outbound UDP port 50 and IP protocol 500. If he is doing NAT, then there needs to be a way to let an IPsec tunnel through without manipulating the packet. Is my firewall scrogging