> But anyway, I'm trying be able to use Freeswan on my laptop instead of
> the Cisco VPN client, and I figure I won't be able to use the vpngroup
> stuff for remote configuration (this is actually the point where I'd
> like somebody to respond "YOU'RE WRONG - THIS IS HOW YOU DO IT").
Well, unfortunately, YOU'RE RIGHT. When it comes right down to it, IPSec,
as originally designed, has a lot of limitations with respect to the ways
that it's being used these days. Not that it's a bad spec, but there are a
lot of extensions that would be really handy. Lots of vendors (cisco
especially) put these extensions in. Some of them are open, some are not.
So, basic IPSec is often very interoperable, but nifty extensions rarely
are.
If you have some control of both ends, it's often quite possible to make
things work. I'm pretty sure that you can do IPSec between freeswan and a
cisco pix. I believe isakmp will work between the two. I have no idea how
the pix stores rsa keys, so that might be a holdup, but psk authentication
should work.
Good luck. Sorry there's no simple solution.
-Joe
>
> /Robert
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:42 CEST