
Re: [Users] /etc/ipsec.d .pem files

From: Nate Carlson (natecars+freeswan_at_natecarlson.com)
Date: Wed Jun 12 2002 - 21:24:19 CEST


On Wed, 12 Jun 2002, Sean Loch wrote:
> I followed Nate Carlson's howto, and with the help of several others
> on this user group, I have a vpn server up and running. I was
> wondering though, why it is not necessary to copy all of the peer .pem
> files that I created to the /etc/ipsec.d directory, or is it? They
> all (except for the host .pem) reside in /var/sslca. If I were to
> create a connection description with rightcert= in it, would the .pem
> file not need to be in this directory for things to work properly?

You don't have to copy them if you aren't going to specify specific hosts
that are allowed to connect. By default, all clients with certs created by
the CA on the FreeS/WAN box can connect, unless they are in the CRL list.
You do need the cert to specify rightcert=<..>

------------------------------------------------------------------------
| nate carlson | natecars_at_natecarlson.com | http://www.natecarlson.com |
| brainbench mvp for linux admin -- http://www.brainbench.com |
| Depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
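The two cases from the reply above, sketched as an `ipsec.conf` fragment. This is an added example, not part of the original message or of the howto it mentions. It assumes FreeS/WAN with the X.509 patch, and the connection names and certificate file names are constructed.

```conf
# /etc/ipsec.conf fragment (FreeS/WAN + X.509 patch).
# Connection names and .pem file names are constructed placeholders.

# Case 1: no per-peer certificate file on the gateway.
# The peer sends its certificate during negotiation; it is accepted if it
# was issued by the CA the gateway trusts and is not listed in the CRL.
# Only the gateway's own certificate has to be in /etc/ipsec.d.
conn roadwarrior
        authby=rsasig
        left=%defaultroute
        leftcert=gateway.example.com.pem     # host cert (placeholder name)
        right=%any
        rightrsasigkey=%cert                 # take the peer key from the cert it presents
        auto=add

# Case 2: connection restricted to one specific peer.
# rightcert= names a file the gateway loads itself, so this peer's .pem
# must be copied from the CA directory (/var/sslca in the question) to
# /etc/ipsec.d, the directory discussed in the thread.
conn laptop1
        authby=rsasig
        left=%defaultroute
        leftcert=gateway.example.com.pem     # host cert (placeholder name)
        right=%any
        rightcert=laptop1.example.com.pem    # peer cert (placeholder name)
        auto=add
```

With only the first connection defined, removing one client's access means revoking its certificate and publishing an updated CRL, since no per-peer entry exists to delete.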




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:14 CEST