Differences between version 6 and previous revision of IPSecConfiguration.
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 6 | Last edited on Monday, November 17, 2003 10:30:53 pm | by MichaelBordignon | Revert |
| Older page: | version 5 | Last edited on Monday, November 17, 2003 10:29:58 pm | by MichaelBordignon | Revert |
@@ -15,13 +15,14 @@
__Note:__ While almost all IPSec implementations known to man support PSK, very few support RSA. The rest (pay attention anyone who needs to communicate with a Windows host) use X.509 certificates for authentication. FreeS/WAN does support this but requires a patch to the code and various other bits that I'm not quite sure how work. Watch this space!
__NextNote:__ If you are wanting to interoperate with Windows 2000/XP, make sure that
a) The .p12 certificate which you export is added to the __local machine__ and not the __current user__. This is the first mistake I made. Otherwise, you'll get something like
- auth.log.:Nov 13 15:26:08 peer pluto[21342]: "remote-win2k-2"[2] 166.179.32.102 #2: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
+ auth.log.:Nov 13 15:26:08 peer pluto[21342]: "remote-win2k-2"[2] 166.179.32.102 #2: encrypted Informational
+
Exchange message is invalid because it is for incomplete ISAKMP SA
b) If there are any stateful firewalls in between the road warrior and the internal machine, make sure you allow ESP (protocol 50), with something like
iptables -A INPUT -p esp -j ACCEPT
__YetAnotherNote:__ Instructions on exporting x509 certs for use on 2k/xp can be found at http://www.natecarlson.com/linux/ipsec-x509.php, with a wealth of information at http://www.jacco2.dds.nl/networking/freeswan-l2tp.html. You'll also want a free utility found at http://vpn.ebootis.de to make the necessary IPSec policy changes to win2k/xp when you want to connect.
For an example PSK setup, head over to [IPSecConfigurationPSK]. %%%
For an example RSA setup, head over to [IPSecConfigurationRSA].
