<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content=text/html;charset=iso-8859-1>
<META content="MSHTML 6.00.6001.18294" name=GENERATOR></HEAD>
<BODY id=MailContainerBody
style="PADDING-RIGHT: 10px; PADDING-LEFT: 10px; PADDING-TOP: 15px" leftMargin=0
topMargin=0 CanvasTabStop="true" name="Compose message area">
<DIV><FONT face=Arial size=2>Hi all,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I am doing some fine tuning here so I have a couple
of comments and questions regarding Openswan and VPN in general.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>First, Openswan is a mighty fine VPN solution. Yes
I know I had my n00b questions, but looking back it is easy to configure and
user friendly. Second, I am in the midst of putting together a more refined
howto for Openswan and Netgear (subnet to subnet) configuration. Reviewing the
notes I have taken (thanks to Paul at Xelerance and the fine folks on this list)
and comparing them against what is currently on the Openswan wiki and Netgear
forums, I thought to give back by taking the time to put together a more concise
guide (complete with screen shots). I hope to send this to both Paul and June
(mod at the Netgear forums) for their editing and review. Plan to leave the
final doc in their hands to distribute publicly as they see fit.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>With that said, a few clean up
questions:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<UL>
<LI><FONT face=Arial size=2>I have my SA lifetime set at 3600 (default) so in
my securelog I am seeing repeated rekeying and reinitialization from State
Main 1 until the tunnel is reestablished. Is this healthy?</FONT>
<LI><FONT face=Arial size=2>I still do not understand the full requirements
for setting up iptables. My subnet on the Openswan side goes through a virtual
gateway and can talk to the remote subnet just fine when iptables are off.
When iptables are on, nothing gets through the tunnel. Can I get a more
concise understanding of how to configure iptables? Hours of exhaustive
research have turned up tons of different ways. I just need to be pointed to the
right way.</FONT>
<LI><FONT face=Arial size=2>I am still trying to understand the mystery of
using certificates. On the Netgear side, they grant me a CSR, which I use a CA
to sign. The Netgear router uploads both the CA and Cert just
fine, but Openswan begs for either a private key. When I use the private key
from the CA, Openswan complains. When I use the public key from the Netgear
generated CSR it really complains. Did I miss something?</FONT></LI></UL>
<DIV><FONT face=Arial size=2>Thank you Paul and everyone on the list for helping
me. It has been an enjoyable project and I want to give back by putting together
a good guide for future n00bs like me.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>JT</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>JT Edwards<BR>Senior Solutions Architect
(Automation and Service Management)<BR>IBM Tivoli Certified<BR>Direct:
281-226-0284<BR>Direct: 512-772-3266<BR>Follow Me: 1866-866-4391 ext 1<BR>AIM
tstrike34<BR>GoogleTalk <A
href="mailto:tstrike34@gmail.com">tstrike34@gmail.com</A></FONT></DIV></BODY></HTML>