
RE: [Users] Several users configuration

From: Andreas Steffen (andreas.steffen_at_zhwin.ch)
Date: Sun May 05 2002 - 16:16:30 CEST


Harry,

you've got the idea right! I wonder why your configuration fails.
Could you post a log detailing the error?

Regards

Andreas

======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
 

> -----Original Message-----
> From: users-admin_at_lists.freeswan.org
> [mailto:users-admin_at_lists.freeswan.org]On Behalf Of Harry Brueckner
> Sent: Tuesday, 30 April 2002 17:45
> To: users_at_lists.freeswan.org
> Subject: [Users] Several users configuration
>
>
> Hello,
>
> I have a question regarding the setup for different users with FreeS/WAN.
>
> I have a working VPN with SafeNet and FreeS/WAN which is fine as long as
> I have one user connected as a road warrior. The problem I have comes up
> when I want to add another user with his own certificate.
>
> I want to have a different cert for each user so in case somebody must
> be forced out of the network I can simply remove his config lines.
>
> My ipsec.conf looks like this:
>
> config setup
>     interfaces=%defaultroute
>     klipsdebug=none
>     plutodebug=none
>     plutoload=%search
>     plutostart=%search
>     uniqueids=yes
>
> conn %default
>     authby=rsasig
>     auto=add
>     compress=yes
>     disablearrivalcheck=no
>     keyingtries=1
>     left=%defaultroute
>     leftcert=vpn.pem
>     leftfirewall=yes
>     leftrsasigkey=%cert
>     pfs=yes
>     right=%any
>     rightrsasigkey=%cert
>
> conn user1
>     leftsubnet=192.168.100.0/24
>     rightid="<user 1's CN>"
>
> conn user2
>     leftsubnet=192.168.100.0/24
>     rightid="<user 2's CN>"
>
> With only 1 user in the file it works fine - as soon as I add the second
> it fails. :-/
>
> Is there a way to get the basic idea working somehow or have I some
> misunderstanding somewhere?
> I would not like to have a solution where I have to renew certificates
> for a lot of people just because I want to restrict one user's access.
>
> Thanks in advance, Harry
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:56 CEST