[Openswan Users] M$ Vista and Openswan - Road Warrior Scenario
Jacco de Leeuw
jacco2 at dds.nl
Mon Jun 25 04:33:32 EDT 2007
Howard Lowndes wrote:
> My situation is an M$ Vista Home Basic laptop behind a NAT device (DSL
> modem/router) trying to do IPSec/L2TP to an Openswan gateway sitting on
> a public IP, using PSK (to start with at least) - typical road warrior
> scenario.
>
> The road warrior config on Openswan is (adapted from
> http://www.nthdegree.com.au/sverre/publications/141004.html):
There is an error on that page:
"You quickly learn that OS X (10.4 Panther) doesn't have GUI support for
certificates, only pre-shared keys."
Mac OS X 10.4 (Tiger) supports certificates alright. It is 10.3 (Panther)
that does not support certificates (in its GUI at least).
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You forgot to exclude the internal subnet behind the Openswan server,
e.g.:
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24
> conn RW_P
> # to suit PSK authentication for road warriors
Add this if you have Vista clients:
rightsubnet=vhost:%no,%priv
http://www.jacco2.dds.nl/networking/vista-openswan.html#PSK_and_NAT-T_in_Vista
> conn RW_X
> # to suit X509 cert authentication for road warriors
> authby=secret|rsasig
Add this (required for every type of client):
rightsubnet=vhost:%no,%priv
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
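
An added example, not part of the original message: a small check for the two omissions pointed out in the reply above (no exclusion of the internal subnet in virtual_private, and road warrior conns without rightsubnet=vhost:%no,%priv). The sample config is constructed, and identifying road warrior conns by right=%any is an assumption of this sketch.

```python
import ipaddress

# Constructed sample config (not from the original post); 192.168.1.0/24 is
# the example internal subnet used in the reply above.
SAMPLE = """\
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn RW_P
    authby=secret
    right=%any
    rightsubnet=vhost:%no,%priv

conn RW_X
    authby=rsasig
    right=%any
"""

def parse(conf):
    """Return {section name: {key: value}} for a simple ipsec.conf."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # "config setup" / "conn NAME"
            current = sections.setdefault(line.strip(), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint(conf, internal_subnet):
    """List the two omissions described in the reply, if present."""
    findings = []
    sections = parse(conf)
    internal = ipaddress.ip_network(internal_subnet)
    entries = sections.get("config setup", {}).get("virtual_private", "").split(",")
    # Exclusions are written %v4:!a.b.c.d/mm
    excluded = [ipaddress.ip_network(e.strip()[5:])
                for e in entries if e.strip().startswith("%v4:!")]
    if not any(internal.subnet_of(net) for net in excluded):
        findings.append(f"virtual_private does not exclude {internal}")
    for name, opts in sections.items():
        # Assumption: road warrior conns are the ones with right=%any.
        if name.startswith("conn ") and opts.get("right") == "%any":
            if opts.get("rightsubnet") != "vhost:%no,%priv":
                findings.append(f"{name}: missing rightsubnet=vhost:%no,%priv")
    return findings
```

Calling lint(SAMPLE, "192.168.1.0/24") reports both problems; it returns an empty list once the %v4:! exclusion and the rightsubnet line are added.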