David Davidse wrote:
>
> I was wondering if anyone's posted a howto for connecting two FreeS/WAN
> gateways with X.509 certs.
>
> I have successfully set up a VPN between a FreeS/WAN gateway and a Sentinel
> road-warrior thanks to the wonderful howto
> www.ssh.com/download_files/openssl_mini-ca.pdf (I wish all howtos were
> this good, but then who'd learn anything ;))
>
> Both gateways have their own CA and have roadwarrior connections set up.
> Now I want to connect the two gateways but am unsure exactly how to do this.
>
Just put both CA certificates into /etc/ipsec.d/cacerts and,
in addition to the roadwarrior connections, define the
gateway-to-gateway connection in ipsec.conf:

conn gw1-gw2
    left=<IP of gw1>
    leftid="<DN of gw1>"
    leftsubnet=<subnet behind gw1>
    leftrsasigkey=%cert
    right=<IP of gw2>
    rightid="<DN of gw2>"
    rightsubnet=<subnet behind gw2>
    rightrsasigkey=%cert
    auto=add

Regards
Andreas
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:42 CEST
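
The leftid and rightid values in the conn section above are the subject DNs of the two gateway certificates. The following is an added example, not part of the original reply: it reads each DN with `openssl x509 -subject` and prints the filled-in section. The certificate file names, IP addresses and subnets are constructed placeholders, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. All addresses, subnets and DNs
# used here are constructed sample values.

# Convert one line of `openssl x509 -noout -subject` output into the DN string
# used for leftid/rightid. Handles the older "/C=CH/O=x/CN=gw" layout and the
# newer "C = CH, O = x, CN = gw" layout.
subject_to_dn() {
    printf '%s\n' "$1" | sed \
        -e 's|^subject= *||' \
        -e 's|^/||' \
        -e 's|/\([A-Za-z][A-Za-z0-9.]*=\)|, \1|g' \
        -e 's| = |=|g'
}

# Print the gateway-to-gateway conn section.
# Args: name left_ip left_dn left_subnet right_ip right_dn right_subnet
render_conn() {
    cat <<EOF
conn $1
    left=$2
    leftid="$3"
    leftsubnet=$4
    leftrsasigkey=%cert
    right=$5
    rightid="$6"
    rightsubnet=$7
    rightrsasigkey=%cert
    auto=add
EOF
}

# Usage: sh gw-conn.sh gw1Cert.pem gw2Cert.pem   (file names are placeholders)
if [ "$#" -eq 2 ]; then
    gw1_dn=$(subject_to_dn "$(openssl x509 -in "$1" -noout -subject)")
    gw2_dn=$(subject_to_dn "$(openssl x509 -in "$2" -noout -subject)")
    render_conn gw1-gw2 192.0.2.1 "$gw1_dn" 10.1.0.0/16 \
                        198.51.100.1 "$gw2_dn" 10.2.0.0/16
fi
```

The same conn section can be placed unchanged in ipsec.conf on both gateways, since FreeS/WAN works out from its own interface addresses which side is local.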