Hi,
4 little hints - based on my little time-taking personal experience:
1) couldn't get ebootis tools to work on XP, so you might want to think about trying with another client (e.g. sentinel or rather two Linux freeswan systems you were already thinking of) first.
2) in case you work with certs, don't think about using the same data for the CN field of server and CA.
3) first tries without IP compression - because it might not work.
4)
8-)
--dan--
----- Original Message -----
From: "David Gardi" <debian_at_gardisoft.org>
To: <users_at_lists.freeswan.org>
Sent: Sunday, June 09, 2002 11:31 PM
Subject: [Users] A newbie question
> Hello all,
> This is the first time I'm getting anywhere close to IPsec. I've been
> reading the freeswan docs, and seem to get a general idea of how things
> are supposed to work.
> Well.. here are my specific questions:
>
> 1) I'm using freeswan 1.96-1.2 and openssl 0.9.6d-1 with kernel 2.4.18
> on debian unstable and I would like to communicate with a windows xp
> machine (on my same subnet) securely. I have the necessary tools for xp
> hopefully that is Ipseccmd and a set of Windows 2000 VPN Tool taken
> from http://vpn.ebootis.de./
>
> Debian box /etc/ipsec.conf looks like this:
>
> config setup
>     interfaces="ipsec0=eth0"
>     klipsdebug=none
>     plutodebug=none
>     plutoload=%search
>     plutostart=%search
>     plutowait=no
>     uniqueids=yes
>
> conn GNU-WIN
>     auto=add
>     type=tunnel
>     left=192.168.1.1
>     right=192.168.1.2
>     keyexchange=ike
>     keylife=8h
>     keyingtries=3
>     pfs=yes
>     rekeymargin=9m
>     rekeyfuzz=25%
>
> I still have not set the ipsec.conf on the xp side, because I don't
> really know how to set that up, and docs seem to be contradictory. I
> would like my machine to communicate to the xp machine only via the
> ipsec interface using encryption, is this possible, and how must I set
> things up?
>
> 2) The ultimate thing I'd like to do is this: Set up a VPN using two
> Linux freeswan systems over the Internet (for the moment IP's are
> dynamic, however will be static eventually), and transparently be able
> to make windows machines on each side of the VPN communicate with each
> other as if on the same net. Possibly even do trust relations.
>
> Any pointers would be great.
>
> TIA,
> David.
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:13 CEST