From: Sancho2k L. <li...@sa...> - 2002-10-28 14:07:01
|
Thanks for the direction ;) Bjørn Rasmussen wrote: > >>>>>>>>>>>>>>>>>>>Original Message <<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>> > > On 24.10.02, 00:14:42, "Sancho2k Lists" <li...@sa...> wrote > regarding [Devil-Linux-discuss] freeswan "road warrior" config: > > > >>Greetz list, > > >>I'm starting to look at Devil-Linux for a VPN server that our >>home/remote users can connect into our network through. > > > Then you've come to the right place ;-) > >>I read that the devil-linux inclusion supports X-509 certs. Does >>anyone have a resource or reference for setting this up? I'm only >>hoping, but I know my next stop is back to the freeswan documentation >>page. > > > There are several links regarding this topic (FreeS/wan to W2k) in the > FreeS/wan documentation. The trick is you've to read them all, several > times! Some of the links refer to older versions of FreeS/wan, and some > miss some information. Reading them all, you should manage to get it > running. > > The second problem is the complexity. It's very easy making mistakes > (almost like Sendmail). Even when you've browsed your configuration > several times for errors, it's still a great possibility you've > overlooked something. If it's not working, this is the reason! > > Configuring the W2k-client using the included gui-tool is very confusing. > Use the free ipsec.exe tool referred to in the docs. This is similar to > configure FreeS/wan. The ipsec.exe also allows roadwarriors (clients > using dynamic ip-addresses) for the W2k-client. > > >>Also, can anyone reccomend a decent _free_ client for use with Windows >>2000? I've noticed PGPnet, etc. but we'd really only be in the order >>for something free. > > > Use the W2k-client + ipsec.exe tool! Use PGP-net for older > Windows-versions! > > As far as I know/remember: PGP was acquired by McAfee that was acquired > by CA. At this time the ipsec-client was added and PGP + ipsec became > PGPnet. Recently PGP has founded a new company, and the PGP NOT incl. > Ipsec is their product. No one support PGPnet anymore. > > For this reason, it's probably not wise deploying this software in a > company. > > The free version of PGPnet is only for no-profit use. > > The free version is limited: You cannot use x509 certificates. You > cannot see past the peer ipsec-gateway (i.e. the office-net) unless > you're using firewall masquerading-techniques. > > These limitations doesn't exist in the commercial version, but I'm not > sure you can get it anymore. Can anyone tell me where to buy it? > > > Use trouble-shooting aids both for W2k and FreeS/wan! Turn on the > Oaklay-log to see the ipsec-negotiations for W2k, "plutodebug=all" in the > ipsec.conf for FreeS/wan! After some training reading the logs, you'll > get an idea what's missing in your config. This is documented in the > W2k-links in the FreeS/wan docs. > > Once you get one client up, new connections is piece of cake :-) > > ________________________________________________________________________ > __ > > Bjørn Rasmussen Tel: +47 38 04 09 55, +47 911 > 27367 > Bjørn Rasmussen Nettverkstjenester E-mail: bj...@se... > Moneheia 47, Web: > http://wind.prohosting.com/bjoernr > Kristiansand, 4656 Org.nr. 981 646 770 MVA > > RHCE: http://www.redhat.com/rhce/rhce807001641802868.html > MCSE, MCP, MCP+I: NT 4.0 > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |