-----BEGIN PGP SIGNED MESSAGE----- On Friday 08 August 2003 05:19, Craig Emery wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Now the linux gateway called "hilly" is RedHat 7.3 > > kernel-2.4.20-18.7 downloaded from RedHat > freeswan-1.99_x509_0.9.15_2.4.20_18.7-1 downloaded from > freeswan.ca freeswan-module-1.99_x509_0.9.15_2.4.20_18.7-1 ----------- " > ------------- > > So I think the FreeS/WAN gateway has X.509 and NAT-T compiled in.
Nope: it's only got x.509 compiled in! However, lack of NAT-T may/may not be your problem. You can get SuperFreeS/WAN (which includes NAT-T) + kernel RPMs from Tuomo Soini's archive here: http://tis.foobar.fi/software/?freeswan Nate Carlson's walkthrough also covers how to deal with traversing NAT via static configuration; read #2 here: http://www.natecarlson.com/linux/ipsec-x509.php#trouble As he mentions, you can "rightsubnet" in his additional connections to "rightsubnetwithin=192.168.0.0/24" to allow flowers to connect from any dhcp-assigned IP within its private network. > So could someone give me a big hint (read do it all for me :-D) of what > ipsec.conf files to have at each end? > > I've been following http://www.natecarlson.com/linux/ipsec-x509.php with > "flowers" as the Road Warrior. You have a common setup, and Nate Carlson's walkthrough has the info you need. If you continue to have issues, post logs/configuration files to the lists. - -- Sam Sgro [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: For the matching public key, finger the Reply-To: address. iQCVAwUBPzPli0OSC4btEQUtAQGjUAQAhzQXiRX6wTP5q++sesXfVHIhkcYBA29J X4/FvZNZWFuC1d3ewjausZbN//OBzji/JjgZcDct5ZFwG88d9OEh6/BcNdxzTMBL 5qjAg3uZKtrIM3xNNyZdS8tOt/tBIpQVd7S7OH0RaKmrhdsULbtIRlcrNtOdoRQR ZtNnr2LA+MA= =HyJW -----END PGP SIGNATURE----- _______________________________________________ FreeS/WAN Users mailing list [EMAIL PROTECTED] https://mj2.freeswan.org/cgi-bin/mj_wwwusr
