[Openswan Users] Replace RRAS

Serge Fonville serge.fonville at gmail.com
Wed Apr 16 05:52:00 EDT 2008

I have come a little closer.

Additionally I installed ppp and pptp,
I defined users in chap-secrets
and created a connection in Windows Vista; everything now works as
expected, except for a few things.

I cannot find any information on how to use DHCP over the connection,
nor does it seem possible to log in using local users.

Except for that, I am only slightly disappointed I couldn't get L2TP
to work (which seems to be related to the fact that it is not possible to have
NAT at both ends).

On Tue, Apr 15, 2008 at 1:01 PM, Serge Fonville
<serge.fonville at gmail.com> wrote:
> Hi,
> I posted about this in the past, but wasn't exactly clear on what I meant.
> I am currently running gentoo.
> I did 'emerge xl2tpd openswan ipsec-tools iptables'
> I added all kernel components (statically) and 'ipsec verify' gives:
> Checking your system to see if IPsec got installed and started correctly:
>        Version check and ipsec on-path                         [OK]
>        Linux Openswan U2.4.9/K2.6.24-gentoo-r4 (netkey)
>        Checking for IPsec support in kernel                    [OK]
>        NETKEY detected, testing for disabled ICMP send_redirects       [OK]
>        NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
>        Checking for RSA private key (/etc/ipsec/ipsec.secrets) [OK]
>        Checking that pluto is running                          [OK]
>        Two or more interfaces found, checking IP forwarding            [OK]
>        Checking NAT and MASQUERADEing                  [OK]
>        Checking for 'ip' command                               [OK]
>        Checking for 'iptables' command                         [OK]
>        Opportunistic Encryption Support                        [DISABLED]
> I ran 'ipsec newhostkey --output /etc/ipsec/ipsec.secrets --bits 2048'
> I read the following:
> http://gentoo-wiki.com/HOWTO_OpenSwan_2.6_kernel
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
> What I want:
> To be able to connect from a Windows XP/Vista client while
> automatically obtaining all the required information (PSK/Certificates).
> Both left and right are behind NAT.
> I want to be able to access the entire subnet from the Windows client.
> The client should receive a VPN IP from the DHCP server in the other
> subnet (which currently runs on another machine (moving is an option
> if absolutely necessary)).
> The user should log in with a Linux user (some would get /sbin/nologin as shell).
> Based on what I read this should be possible, but I have no idea where
> to go from here.
> Any advice or steps to take would be greatly appreciated.
> If I learn anything new meanwhile I will post it here.
> Thanks a lot in advance
