Re: [Users] OE behind a win2k gateway

From: Sam Sgro (sam_at_freeswan.org)
Date: Tue Jan 14 2003 - 06:55:34 CET


On Mon, 13 Jan 2003, Guillaume Cornet wrote:

> Hello,
>
> I've been looking for doc for a while but it seems my problem is not so frequently raised.
>
> linux box (freeswan 1.98b)          windows 2000 box (NAT)          INTERNET
> 192.168.0.3 ----------------------- 192.168.0.1
>                                     dynamic IP address ------------
>
> I want to do opportunistic encryption (e.g. to oetest.freeswan.org)
> through this damned windoze NATing box. I know a linux gateway would be
> easier but my "sysadmin" does not want one because he "prefers windows"
> (sic). The win2k gateway does not filter anything, which should make
> things easier. Any configuration advice is welcome.

*sigh* He enjoys the constant barrage of security vulnerabilities, as well as
having the option of an inexpensive VPN?

Unfortunately, this configuration is not currently supported. If it were
possible, you would be doing initiator-only OE.

In my mind, I don't think this setup is inconceivable. Would you like to
engage in a test with me?

Let's assume your win2k box supports IPSec Passthrough. I'm going to set up a
special record on my own gateway which may allow you to negotiate an
initiator-only OE connection. Basically, I'm going to create a special OE
connection with a "rightsubnet=192.168.0.3/32" entry - this would mimic the
necessary setup to get a connection working through NAT.

Anyhow, attempt to ping "rook.crowgirl.com".

--
Sam Sgro
sam_at_freeswan.org

