[Openswan Users] openswan/smartcard to fw-1 tunnel

[Paul Wouters]

On Fri, 21 Apr 2006, Christian Horn wrote:

> > Are you sure it is the DN that is the issue here? And not perhaps another
> > setting in your conn, such as a missing pfs=no ?
>
> pfs=no was set, after a 'cleanup of old certs and stuff' the FW-1 accepts
> my authorization and i can build up the tunnel.

I guess it had lingering phase-1 connections......

> Other thing is, the SecureRemote-client under windows gets a large
> (>100kb) topology-file here with instructions what networks to route
> to what firewall, i will try to use that xfrm-stuff to set those
> policies with openswan.

That would be cool :) Especially if you know openswan could obtain that
file and 'run' it.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155