Re: [Users] no ipsec verify as in documentation

From: Sam Sgro (sam_at_freeswan.org)
Date: Tue Sep 17 2002 - 20:23:56 CEST



On Tue, 17 Sep 2002, Jochen Staerk wrote:

> 1) on http://www.freeswan.org/doc.html
*snip*
> and Linux FreeS/WAN 1.00 HTML Documentation tree seem to be unavailable.
> on "today's snapshot" in the Quickstart Guide to Opportunistic Encryption
> http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/quickstart.html,

We've had some issues with our webserver ISP going under, with Paul Wouters
coming to the rescue so that we have some web presence at www.freeswan.org.
We are currently trying to correct the situation.

> ipsec verify is used 8 times, but not available in FreeS/WAN 1.98b. Is
> there a similar command for 1.98b?

The command was introduced in 1.98. Do you not have a "verify" script in
/usr/local/lib/ipsec? Are you sure you have 1.98b installed correctly?

> I have a masquerading router which shall give computers in my network
> access to a cisco vpn 5000. Suse 6.4 is installed on the router but this
> will probably be upgraded to 8.0 to get this thing working (remark to
> the docu, service ipsec start isn't available either, this could be
> red-hatted). As far as I understand, I need an "opportunistic gateway";
> Is that right?

No; you'll need a VPN/Roadwarrior connection to the Cisco in question, as the
Cisco does not support Opportunistic Encryption.

> "Not to disturb our servers", we use a DSL connection for internal
> purposes. Since this does give us dynamic IPs, another question is,
> whether we can have full opportunism with our DSL line, since full
> opportunism seems to be required (for an opportunistic gateway) and
> seems to require a static IP.

True; without access to your reverse map, you can only do initiator-only OE,
and will be unable to receive incoming OE connections.

> We need only one machine to actually access the VPN, so
> "hand-configuring a tunnel" would be an option, if it does not require
> the assistance of the vpn 5000 administrators, would it?

It might; setting up VPNs can be a complex process, and access to the Cisco's
configuration and/or logs can be very useful as a starting point.

> What is a left subnet? Is it the unsecure network and the right subnet
> the VPN I want to make connections to?

Left and right are arbitrary, and each represents one "side" of the connection.
An IPSec device will be represented as "left" or "right", and the protected
networks (if applicable) represented as "leftsubnet" and "rightsubnet".

--
Sam Sgro
sam_at_freeswan.org





This archive was generated by hypermail 2.1.4 : Wed Sep 18 2002 - 05:20:11 CEST
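
To illustrate the left/right naming explained in the reply above, here is a hand-configured tunnel section in FreeS/WAN 1.x `ipsec.conf` syntax. It is an added example, not part of the original message or of the FreeS/WAN documentation; the connection name, every address and the choice of a pre-shared key are constructed assumptions.

```conf
# /etc/ipsec.conf fragment (FreeS/WAN 1.x syntax).
# All names and addresses are constructed placeholders.
conn office-to-vpn
	# "left": one IPsec device and the network it protects
	left=192.0.2.10
	leftnexthop=192.0.2.1
	leftsubnet=192.168.1.0/24
	# "right": the other IPsec device and the network behind it
	right=198.51.100.20
	rightsubnet=10.20.0.0/16
	# Assumption: pre-shared key stored in /etc/ipsec.secrets
	authby=secret
	# Load the connection at startup; bring it up by hand
	auto=add
```

FreeS/WAN works out which side it is by comparing `left` and `right` with its own interface addresses, so exchanging every `left*` value with its `right*` counterpart describes the same tunnel.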