[Openswan Users] X.509 + Policy Groups
Paul Wouters
paul at xelerance.com
Wed Aug 10 23:43:05 CEST 2005
On Wed, 10 Aug 2005, Ralf Gerlich wrote:
> I'm planning on setting up a WLAN segment and I don't quite trust WPA, WEP,
> MAC-"Authentication" and what-not so I'd like to add IPSEC with
> authentication based on X.509-certificates as another layer of security above
> all that.
Good idea.
> Is what I'm thinking of possible at all or am I misunderstanding something?
> Maybe there's documentation I've been missing and somebody could point me to.
> Any help is appreciated.
check out our "windows for waveec" prototype.
ftp://ftp.openswan.org/openswan/windows/wavesec/
But in essence you need on the server:
left=a.b.c.d
leftsubnet=0.0.0.0/0
right=%any
Do not forget to enable the "default gateway over the vpn tunnel" in Windows.
Paul
More information about the Users
mailing list