[Openswan Users] Replace RRAS

Serge Fonville serge.fonville at gmail.com
Tue Apr 15 07:01:27 EDT 2008


Hi,
I posted about this in the past, but wasn't exactly clear on what I meant.
I am currently running Gentoo.
I did 'emerge xl2tpd openswan ipsec-tools iptables'
I added all kernel components (statically) and 'ipsec verify' gives:
Checking your system to see if IPsec got installed and started correctly:
	Version check and ipsec on-path				[OK]
	Linux Openswan U2.4.9/K2.6.24-gentoo-r4 (netkey)
	Checking for IPsec support in kernel			[OK]
	NETKEY detected, testing for disabled ICMP send_redirects	[OK]
	NETKEY detected, testing for disabled ICMP accept_redirects	[OK]
	Checking for RSA private key (/etc/ipsec/ipsec.secrets)	[OK]
	Checking that pluto is running				[OK]
	Two or more interfaces found, checking IP forwarding		[OK]
	Checking NAT and MASQUERADEing			[OK]
	Checking for 'ip' command				[OK]
	Checking for 'iptables' command				[OK]
	Opportunistic Encryption Support			[DISABLED]

I ran 'ipsec newhostkey --output /etc/ipsec/ipsec.secrets --bits 2048'
I read the following:
http://gentoo-wiki.com/HOWTO_OpenSwan_2.6_kernel
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html

What I want:
To be able to connect from a Windows XP/Vista client while
automatically obtaining all the required information (PSK/Certificates).
Both left and right are behind NAT.
I want to be able to access the entire subnet from the Windows client.
The client should receive a VPN IP from the DHCP server in the other
subnet (which currently runs on another machine; moving is an option
if absolutely necessary).
The user should log in with a Linux user (some would get /sbin/nologin as shell).

Based on what I read this should be possible, but I have no idea where
to go from here

Any advice or steps to take would be greatly appreciated

If I learn anything new meanwhile I will post it here

Thanks a lot in advance

