[Openswan Users] OpenS/WAN (Linux) -> ISAKMPD (OpenBSD)
Mark Voelker
mhsvoice at rocketmail.com
Fri Jun 11 07:07:46 CEST 2004
Hi all,
I'm trying to help secure the wireless portion of a small LAN
that looks something like this:
                    INTERNET
                       |
                       |
      -----------------------------------
      |             1st NIC             |
      |    OpenBSD NAT/Firewall Box     |
      | 2nd NIC               3rd NIC   |
      | 172.16.1.1            10.0.0.1  |
      -----------------------------------
           |                      |
           |                      |
 <wired layer 2 switch>   <wireless access point>
    <172.16.1.0/24>           <10.0.0.0/28>
      |    |    |               |    |    |
      |    |    |               |    |    |
      |    |    |               |    |    <a few wireless linux laptops>
 <multiple linux PC's>
The idea is to establish a VPN connection that will give the
wireless clients access to the internet and secure the wireless
link between client and OpenBSD box better than WEP alone. The
OpenBSD box is running OpenBSD 3.5 with all the latest patches
(yes, including yesterday's ISAKMPD patch), and the Linux
laptops are Road Warriors running Fedora Core 1 with a 2.4.x
kernel and OpenSWAN 2.1.2 built from the tarball. Currently,
they just use WEP and have 10.0.0.1 as their default gateway.
For the sake of simplicity, let's assume there's just one laptop
out there that needs to be serviced, and its IP is 10.0.0.7.
I'm pretty new to OpenSWAN and IPSEC in general (I was actually
working on a similar setup a few months ago but the project was
canceled before I really got started), so I'm having a bit of
trouble getting this set up. Has anyone out there done
something similar to this before? Perhaps you could even
provide me some sample config files? Ideally, I'd like to do
this using X.509 certificates (which I see from the
interoperating page is possible).
Thanks for any help you can offer!