[Openswan Users] X.509 + Policy Groups

Paul Wouters paul at xelerance.com
Wed Aug 10 23:43:05 CEST 2005


On Wed, 10 Aug 2005, Ralf Gerlich wrote:

> I'm planning on setting up a WLAN segment and I don't quite trust WPA, WEP, 
> MAC-"Authentication" and what-not so I'd like to add IPSEC with 
> authentication based on X.509-certificates as another layer of security above 
> all that.

Good idea.

> Is what I'm thinking of possible at all or am I misunderstanding something? 
> Maybe there's documentation I've been missing and somebody could point me to. 
> Any help is appreciated.

check out our "windows for waveec" prototype.
ftp://ftp.openswan.org/openswan/windows/wavesec/

But in essence you need on the server:

 	left=a.b.c.d
 	leftsubnet=0.0.0.0/0
 	right=%any

Do not forget to enable the "default gateway over the vpn tunnel" in Windows.

Paul


More information about the Users mailing list