[Openswan Users] general questions

Paul Wouters paul at xelerance.com
Mon Mar 1 11:14:56 CET 2004

On Sun, 29 Feb 2004, Scott Spyrison wrote:

> I have done quite a bit of reading this weekend with respect to all
> this, but things are honestly still a little spotty for me.  I found a
> thread on the freeswan users mailing list that seemed to imply I needed
> XAUTH in order to do the authentication.  It also implied that XAUTH was
> already patched into the super-freeswan/openswan releases and was not
> present in base freeswan.

It is not available in superfreeswan. It is part of openswan as of version 1.0.1.

> Another thread implied that NAT-T (NAT Traversal) is what I need for
> that other part of my question.  It seemed to imply that it was disabled
> by default in super-freeswan releases and needed to be enabled in
> Makefiles via cflags.  Is this still true for openswan?  

NAT traversal is enabled by default in openswan.

> So, I guess my fundamental question is...given this scenario is it
> possible using openswan, or am I way off track?  I think what I want to
> do looks like this:
> internal address of laptop->internal address of AP->external address on
> DSL modem->external address of fw->address on protected subnet
> Maybe one or more of those hops are not necessary with respect to
> ipsec.conf, not sure yet.  Any advice, comments, suggestions are very
> much welcomed...

It should work, but note that XAUTH is very new, and you might run into
unexpected problems. But we would love to have feedback on it, both negative
and (hopefully :) positive.

