[Openswan Users] openswan/smartcard to fw-1 tunnel

Paul Wouters paul at xelerance.com
Fri Apr 21 19:22:33 CEST 2006

On Fri, 21 Apr 2006, Christian Horn wrote:

> > Are you sure it is the DN that is the issue here? And not perhaps another
> > setting in your conn, such as a missing pfs=no ?
> pfs=no was set; after a 'cleanup of old certs and stuff' the FW-1 accepts
> my authorization and I can build up the tunnel.

I guess it had lingering phase-1 connections......

> Other thing is, the SecureRemote-client under Windows gets a large
> (>100kb) topology-file here with instructions what networks to route
> to what firewall. I will try to use that xfrm-stuff to set those
> policies with openswan.

That would be cool :) Especially if you know openswan could obtain that
file and 'run' it.

Building and integrating Virtual Private Networks with Openswan:
