Yes, with version 0.9.9 of the X.509 patch this setup has become possible,
with the restriction that the FreeS/WAN peer working with public keys
only, is not initiating the negotiation as a roadwarrior with an unknown
IP address. The problem is that FreeS/WAN without the X.509 patch
drops the negotiation when it receives a certificate request (CR). Therefore
X.509 enabled FreeS/WAN does not send a CR if it already possesses the
public key of the peer. But in order to find this out, the IP must
be known at the start of the IKE negotiation.
Regards
Andreas
chandrakant wrote:
>
> hi all
> can i craete a vpn between two linux server such tahat on one we use x509
> certificate and other dose not have certificateonly with public key can
> any one guide me in detail since i get some error
>
> tahnks
>
> chandrakant
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
-- ====================================================================== Andreas Steffen e-mail: andreas.steffen_at_strongsec.com strongSec GmbH phone: +41 76 340 25 56 Alter Zuerichweg 20 fax: +41 52 268 74 34 CH-8952 Schlieren (Switzerland) web: http://www.strongsec.com ====================================================================== _______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:47 CEST