[Openswan Users] Setup Help Wanted...
Stef
stef at ummon.com
Sat Dec 11 20:26:32 CET 2004
Hello Everyone,
Okay, this is probably a 'hugely' (or frequently,
at any rate ;) asked question, but... can anyone help with
the setup of Openswan as a client? The 'powers that be'
have requested everyone to use VPN (with X.509 certificate,
of course).
I currently have a setup like:
    Home Network     Dual Homed Gateway
    192.168.2.x <--> [ 192.168.2.1/24.42.x.x ] <-> Internet
And hopefully get something like this:
    Home Network     Dual Homed Gateway
    192.168.2.x <--> [ 192.168.2.1/24.42.x.x ] <-> Internet
                                 +
                     [ 192.168.2.1/24.42.x.x] <-> remote gw <-> Network
It's... proving to be a pain. I -thought- that I
had the config sorted, and then, of course, the decision
came from 'on high' that I needed to use an X.509 certificate
rather than an RSA key.
Obviously, I would prefer all traffic from the home
network to still go out through the internet and -only- the
internet. Any logins on the gateway should be permitted
access to the remote network. The remote network should be
denied from seeing any machine -except- my gateway.
I also have the certificate in an email, something
along the lines of the following...
Type Self-signed X.509 Certificate
Version V3
...
-----BEGIN CERTIFICATE-----
MIICDTCCAXagAwIBAgIEQbszejANBgkqhkiG9w0BAQUFADAkMSIwIAYDVQQDDBlw
...
kw==
-----END CERTIFICATE-----
Can I just simply put this into the /etc/ipsec.d/certs
directory, or do I need something else?
Thanks
Stef