Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] W2K necessitates using certificates?

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Mon Jul 08 2002 - 13:24:21 CEST

Next message: Kuba Leszewski: "[Users] how to make ipsec tunnel a default gateway ?"
Previous message: Andreas Steffen: "Re: [Users] Windows 2000 native IPsec and x509 certificates"
In reply to: David Morgan: "[Users] W2K necessitates using certificates?"
Next in thread: Chris Wilson: "Re: [Users] W2K necessitates using certificates?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Windows2000 can work with preshared secrets. But if you have
several W2k road warriors with dynamic IP address you get more
flexibility becaues each road warrior gets her own certificate.
With preshared secrets all roadwarriors must share the same secret.
You can find the details at

http://vpn.ebootis.de

Regards

Andreas

David Morgan wrote:
> To use Windows2000 clients against FreeS/WAN, is it imperative that
> FreeS/WAN use certificates because Windows2000 doesn't work without
> them?
>
> I have FreeS/WAN working between 2 linux machines. So far I have one
> configuration where they use secret keys for authentication, and another
> where they use rsa keypairs. In both cases, the keys used get dropped
> into the /etc/ipsec.secrets file to make everything play. No
> certificates involved.
>
> Now I want to have Windows2000 clients. I want to utilize their built-in
> ipsec client. I've seen there's a X509 patch to FreeS/WAN. This makes it
> use keys that come to it wrapped up in the form of certificates, as
> oppsed to either secret keys or rsa keypairs in ipsec.secrets as I
> understand it.
>
> I'm only interested in pursuing X509 on FreeS/WAN if it's necessary to
> this purpose. If the Windows2000 ipsec client, like my linux FreeS/WAN
> client, knew how to use secret keys or rsa keypairs I'd go that route
> and not patch FreeS/WAN. But I get the feeling W2K does certificates
> only. Can somebody please confirm or deny?
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- 
======================================================================
Andreas Steffen                 e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                  phone:  +41 76 340 25 56
Alter Zürichweg 20              home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Kuba Leszewski: "[Users] how to make ipsec tunnel a default gateway ?"
Previous message: Andreas Steffen: "Re: [Users] Windows 2000 native IPsec and x509 certificates"
In reply to: David Morgan: "[Users] W2K necessitates using certificates?"
Next in thread: Chris Wilson: "Re: [Users] W2K necessitates using certificates?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:19 CEST