Yep, I use an email address as the CN. OpenVPN would be great, but this seems to still not be available. Even a GRE tunnel would do what I require, but again it is not built into pfSense.
So I persevere this way. The only security concern that I can see is the VPN hub. This is a concern, but pfSense seems to be reasonably well locked down. The whole point of the hub is to be able to get a central public block to a large number of remote sites that I cannot route blocks to. I might take your advice though and try with OpenVPN if I can get the devel options to work and enable it.

> -----Original Message-----
> From: jonathan gonzalez [mailto:[EMAIL PROTECTED]
> Sent: 22 October 2005 17:57
> To: [email protected]
> Subject: Re: [pfSense Support] ipsec
>
> Hi guys,
>
> I know that this question may seem to be silly, but if what you want is
> to establish an ipsec tunnel in a roadwarrior fashion, why don't you use
> any other type of CN?
>
> I mean, use a dyndns name, an email address, etc...
>
> In the contrary case you can use OpenVPN, which is not ipsec but will enable
> you to easily achieve what I think you need.
>
> Just to finish, 0.0.0.0 is not a good idea because you use ipsec to
> set up a net-to-net tunnel... Using 0.0.0.0 you will likely be a vpn hub, which is
> something 'weird' from the security point of view.
>
> That's my 0.02€ ;)
>
> Regards,
>
> jonathan
>
> alan walters wrote:
> >>This must have got overwritten when we sync'd to m0n0wall for their
> >>certificate support. Do a update_file.sh
> >>/usr/local/www/vpn_ipsec_edit.php and all should be well again (I
> >>hope).
> >>
> >>Scott
> >
> > [alan walters]
> >
> > I copied that file from the releng branch of the cvs but still the same.
> > The box is isolated from the internet so no way to update it apart from
> > manually. This still produced the same error. Remote subnet bits cannot
> > be zero.
> >
> >>On 10/21/05, alan walters <[EMAIL PROTECTED]> wrote:
> >>>
> >>>I know some time ago we looked at ipsec tunnels with 0.0.0.0/0 subnets. I
> >>>upgraded to 0.86.4 and again to 0.88.0
> >>>
> >>>Neither seem to support the following configuration in gui any more.
> >>>
> >>>This will not work:
> >>>
> >>>Localnet 192.168.1.1/24 remotegateway: public address
> >>>Remotenet 0.0.0.0/0
> >>>
> >>>But this works :
> >>>
> >>>Localnet 0.0.0.0/0 remotegateway: public address
> >>>Remotenet 192.168.1.1/24
> >>>
> >>>Regards.
> >>>
> >>>Hope you can help me with this.
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
