> > BTW: The Windows client is connecting to the Freeswan gateway via a SBC
> > Yahoo! PPPoE DSL line. I have read that PPPoE has "has less
> > usable packet sizes"
> > (http://lists.debian.org/debian-user/2003/debian-user-200302/msg05484.html)
> > -- could this be affecting things?
>
> No. I do not think so. But actually I am out of my wits at the moment.
> Could you emulate the scenario locally to rule out the pppoe connection?

Well, PPPoE wasn't the issue -- it's working now over the same PPPoE connection. I'm not sure what I did to get it working -- I went through Nate's procedure again (this was the 5th attempt), re-generated all the certs/keys, and it worked this time. The only thing I did differently was use a different CA.sh script -- the one I had been using was from the Redhat openssl RPM; however, several weeks ago, I compiled a newer openssl version from the source, and it has a different path (/usr/local/ssl/misc/CA.sh instead of /usr/share/ssl/misc/CA). But, I don't know why that would make a difference since all the certs had validated.