Differences between version 9 and previous revision of IPSecConfiguration.
Newer page: | version 9 | Last edited on Monday, November 17, 2003 10:35:38 pm | by MichaelBordignon |
Older page: | version 8 | Last edited on Monday, November 17, 2003 10:31:39 pm | by MichaelBordignon |
@@ -14,15 +14,16 @@
__Note:__ While almost all IPSec implementations known to man support PSK, very few support RSA. The rest (pay attention anyone who needs to communicate with a Windows host) use X.509 certificates for authentication. FreeS/WAN does support this but requires a patch to the code and various other bits that I'm not quite sure how work. Watch this space!
__NextNote:__ If you are wanting to interoperate with Windows 2000/XP, make sure that
-a) The .p12 certificate which you export is added to the __local machine__ and not the __current user__. This is the first mistake I made. Otherwise, you'll get something like
+
+*
a) The .p12 certificate which you export is added to the __local machine__ and not the __current user__. This is the first mistake I made. Otherwise, you'll get something like
auth.log.0:Nov 13 15:26:08 peer pluto[21342]: "remote-win2k-2"[2] 166.179.32.102 #2: encrypted
Informational Exchange message is invalid because it is for incomplete ISAKMP SA
-b) If there are any stateful firewalls in between the road warrior and the internal machine, make sure you allow ESP (protocol 50), with something like
+*
b) If there are any stateful firewalls in between the road warrior and the internal machine, make sure you allow ESP (protocol 50), with something like
iptables -A INPUT -p esp -j ACCEPT
__YetAnotherNote:__ Instructions on exporting x509 certs for use on 2k/xp can be found at http://www.natecarlson.com/linux/ipsec-x509.php, with a wealth of information at http://www.jacco2.dds.nl/networking/freeswan-l2tp.html. You'll also want a free utility found at http://vpn.ebootis.de to make the necessary IPSec policy changes to win2k/xp when you want to connect.
For an example PSK setup, head over to [IPSecConfigurationPSK]. %%%
For an example RSA setup, head over to [IPSecConfigurationRSA].
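Review bot: In both changed items the added `*` marker stands on a line of its own and the "a)" / "b)" text starts on the following line, so as the added lines stand the list marker is detached from the item it is meant to introduce; put the marker and the item text on one line and drop the now redundant "a)" and "b)" labels. In item b), the sample rule `iptables -A INPUT -p esp -j ACCEPT` only matches packets addressed to the firewall host itself, while the sentence is about firewalls sitting between the road warrior and the internal machine, where forwarded ESP traverses the FORWARD chain; the text should say which chain applies in which case. The auth.log sample under a) is also wrapped across two lines with no verbatim markup, so it will flow into the surrounding paragraph.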