[Users] uniqueid=no ??

From: Kai Korpi (kai.korpi_at_cop.fi)
Date: Mon Sep 09 2002 - 15:27:09 CEST


Hi all,

I am building a FreeS/WAN VPN for roadwarrior use. Clients would be using
SSH Sentinel and nearly all of them use NAT-T. I have 3 different
subnets for roadwarriors and there are perhaps 200 users for each subnet.

What are the reasons NOT to use uniqueids=no and use ID to divide users
in groups?

This way I would not have to write conns for all users in ipsec.conf.

config setup
       interfaces="ipsec0=eth0"
       klipsdebug=none
       plutodebug=none
       plutoload=%search
       plutostart=%search
       # Close down old connection when new one using same ID shows up. (NOT)
       uniqueids=no
<<<<<<--------------------THIS IS THE STUFF I'M TALKING ABOUT
       nat_traversal=yes

conn %default
       keyingtries=1
       disablearrivalcheck=no
       keyexchange=ike
       ikelifetime=240m
       keylife=60m
       type=tunnel
       authby=rsasig
       auto=add
       pfs=yes
       compress=no

###########################################################
#RW 1 (20 users)
###########################################################

conn rw1
       also=networksettings
       leftsubnet=0.0.0.0/0
       rightsubnet=vhost:%v4:172.21.1.0/24
       rightid=@admin.com

###########################################################
#RW 2 (100 users)
###########################################################

conn rw2
       also=networksettings
       leftsubnet=172.22.0.0/16
       rightsubnet=vhost:%v4:172.22.1.0/24
       rightid=@private.com
       
###########################################################
#RW 3 (250 users)
###########################################################

conn rw3
       also=networksettings
       leftsubnet=172.23.0.0/16
       rightsubnet=vhost:%v4:172.23.1.0/24
       rightid=@user.com

###########################################################
#Network card
###########################################################

conn networksettings
       left=172.20.0.1
       leftcert=freeswan.machine_cert.pem
       leftid=@fs.com
       right=%any
       rightrsasigkey=%cert

regards

Kai

-- 
************************
Kai Korpi
email: kai.korpi_at_cop.fi
************************

"Windows has detected that you have moved your mouse. Your system must be restarted for this change to take effect."

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
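As an added audit helper (not part of the original post and not FreeS/WAN code), the script below parses an ipsec.conf in the layout quoted above and reports, for each group rightid used by a right=%any conn, what the uniqueids setting means when a second peer presents the same ID. The sample config is constructed from the posted one and the function names are my own.

```python
# Constructed sample modelled on the ipsec.conf quoted above; not the author's file.
SAMPLE_CONF = """\
config setup
       # Close down old connection when new one using same ID shows up. (NOT)
       uniqueids=no
conn rw1
       also=networksettings
       rightid=@admin.com
conn rw2
       also=networksettings
       rightid=@private.com
conn networksettings
       right=%any
       rightrsasigkey=%cert
"""

def parse_ipsec_conf(text):
    """ipsec.conf -> {"config setup"/"conn NAME": {key: value}}; '#' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section header sits at column 0
            current = sections.setdefault(line.strip(), {})
        elif current is not None and "=" in line:  # indented key=value parameter
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return sections

def roadwarrior_ids(sections):
    """Map each rightid to the conns (also= folded in) that accept right=%any peers."""
    by_id = {}
    for name, params in sections.items():
        if not name.startswith("conn "):
            continue
        merged = {**sections.get("conn " + params.get("also", ""), {}), **params}
        if merged.get("right") == "%any" and "rightid" in merged:
            by_id.setdefault(merged["rightid"], []).append(name[len("conn "):])
    return by_id

def audit(text):
    """Per group rightid, what pluto does when a second peer presents that same ID."""
    sections = parse_ipsec_conf(text)
    keep = sections.get("config setup", {}).get("uniqueids", "yes") == "no"  # default: yes
    verdict = ("is kept alongside the old one (uniqueids=no), so a duplicate is never displaced"
               if keep else "replaces the old one (uniqueids=yes), so users sharing the ID evict each other")
    return {rid: f"{', '.join(conns)}: a second tunnel under this ID {verdict}"
            for rid, conns in roadwarrior_ids(sections).items()}
```

Either way the group ID cannot tell one user's tunnel from another's, which is the trade-off behind the question above.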



This archive was generated by hypermail 2.1.4 : Tue Sep 10 2002 - 05:19:58 CEST