[Openswan Users] Basic Openswan question
Ladi
mafja at yahoo.com
Wed Nov 29 20:09:49 EST 2006
Hi Paul,
I didn't really do any sniffing but what i'm sure of is that if i try to disable the IPSec policy on the client (and on the server it is still enabled) then i won't be able to connect. If the policy is enabled on both sides (server and client) then then i can connect to the terminal server.
Whether the policies are enabled on client and server or disabled on the client and enabled on the server, I'm still able to connect for example to ftp or ping without any problem (because i only filtered TCP port 3389).
Anyways i'll try to sniff the traffic and see what is going on.
Thanks a lot,
Ladi
--------------
If you can't be a highway, be a trail. If you can't be the sun, be a star. It is not by size, that you win or fail. Be the best of what you are!
----- Original Message ----
From: Paul Wouters <paul at xelerance.com>
To: Ladi <mafja at yahoo.com>
Cc: users at openswan.org
Sent: Thursday, November 30, 2006 8:51:53 AM
Subject: Re: [Openswan Users] Basic Openswan question
On Tue, 28 Nov 2006, Ladi wrote:
> I'm new to IPSec and it's true, i'm a bit confused. I know that IPSec operates on two modes, tunnel and transport mode.
>
> I managed to secure the connection to the terminal server in WinXP -> Win 2k3 server and i didn't have to specify a VPN. In the win2k3 server machine i configure the IPSec policy to receive only IPSec traffic (using certificates) on the TCP port 3389 (for terminal server) for all the connections. And from the client side (Win XP) i specify to use IPSec with certificate for all the traffic going out to TCP 3389. In this way someone can connect to the terminal server from any place and still can connect as far as (s)he has the right certificates. To be honest with you i don't know which mode this is (sorry for my ignorance).
If it is ipsec, it is a transport mode or tunnel mode ipsec connection. Sniff between the machines and see what you find.
I'm pretty sure it will not be port 3389 if it is using ipsec policies.
Paul
____________________________________________________________________________________
Yahoo! Music Unlimited
Access over 1 million songs.
http://music.yahoo.com/unlimited
More information about the Users
mailing list