Hello, I think you are using the ipsec.exe from http://vpn.ebootis.de on the win2k/xp side to generate the policies. In this case you should also take a look at http://vpn.ebootis.de/ipsec-conf.htm for the windoze ipsec.conf.
buz

On Sun, 2003-05-25 at 17:53, Craig wrote:
> Hi Guys
>
> Having a few problems with setting up a VPN gateway on Linux,
> specifically a debian firewall box and having windows 2000
> boxes authenticate using certs.
>
> I have generated a cert for the gateway machine using the openssl packages
> and installed it. I have also configured freeswan to the best of my
> knowledge and then generated a cert for a test windows 2000 machine and
> afaik they are not authenticating.
>
> Here is a copy of the freeswan config file on the VPN gateway:
>
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
>
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
>
> # basic configuration
> config setup
>         interfaces=%defaultroute
>         klipsdebug=none
>         plutodebug=none
>         plutoload=%search
>         plutostart=%search
>         uniqueids=yes
>
> # defaults for subsequent connection descriptions
> # (mostly to fix internal defaults which, in retrospect, were badly chosen)
> conn %default
>         keyingtries=2
>         compress=yes
>         disablearrivalcheck=no
>         authby=rsasig
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
>
> conn roadwarrior-net
>         leftsubnet=10.3.0.0/23
>         also=roadwarrior
>
> conn roadwarrior
>         right=%any
>         left=%defaultroute
>         leftcert=gateway.pem
>         auto=add
>         pfs=yes
>
> And here is a copy of the ipsec.conf file on the windows 2000 box:
>
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
>
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
>
> # basic configuration
> config setup
>         interfaces=%defaultroute
>         klipsdebug=none
>         plutodebug=none
>         plutoload=%search
>         plutostart=%search
>         uniqueids=yes
>
> # defaults for subsequent connection descriptions
> # (mostly to fix internal defaults which, in retrospect, were badly chosen)
> conn %default
>         keyingtries=2
>         compress=yes
>         disablearrivalcheck=no
>         authby=rsasig
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
>
> conn roadwarrior-net
>         leftsubnet=10.3.0.0/23
>         also=roadwarrior
>
> conn roadwarrior
>         right=%any
>         left=%defaultroute
>         leftcert=gw.frame.co.za.pem
>         auto=add
>         pfs=yes
>
> Any help would be appreciated.
>
> ..c
>
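The ipsec.exe tool from vpn.ebootis.de reads its own, much smaller ipsec.conf dialect rather than the FreeS/WAN one; both files quoted in the message above carry the FreeS/WAN header, so the Windows side is not actually described by them. The following is an added example of what the client-side file for the two roadwarrior connections would look like; it is not from the thread or from the ipsec.exe project. GATEWAY_IP and the CA distinguished name in rightca are placeholders, and the 10.3.0.0/23 subnet is taken from the gateway configuration in the message.

```ini
# Windows 2000/XP ipsec.conf for ipsec.exe (added example, not from the thread).
# Parameters are written from the client's point of view:
# "left" is the Windows box, "right" is the FreeS/WAN gateway.
# GATEWAY_IP and the rightca value are placeholders to be replaced.

# host-to-gateway SA, mirrors "conn roadwarrior" on the FreeS/WAN side
conn roadwarrior
        left=%any
        right=GATEWAY_IP
        rightca="C=ZA, O=Example Org, CN=Example CA"
        network=auto
        auto=start
        pfs=yes

# host-to-subnet SA, mirrors "conn roadwarrior-net" (leftsubnet=10.3.0.0/23 on the gateway)
conn roadwarrior-net
        left=%any
        right=GATEWAY_IP
        rightsubnet=10.3.0.0/23
        rightca="C=ZA, O=Example Org, CN=Example CA"
        network=auto
        auto=start
        pfs=yes
```

Two things matter for certificate authentication to actually succeed with this layout: the client certificate with its private key and the issuing CA certificate have to be imported into the Windows machine (not user) certificate store, because the IPsec policy agent runs as a system service; and rightca must be the exact distinguished name of the CA that issued the gateway's certificate, since it is the only thing telling the client which gateway certificates to trust. A CA missing from the machine store or a rightca that does not match the issuer shows up as the same symptom Craig describes, an IKE exchange that never authenticates.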