[Openswan Users] Openswan & TFTP
Julien Bonjean
julien.bonjean at savoirfairelinux.com
Fri Nov 14 08:28:06 EST 2008
Paul Wouters wrote:
> On Thu, 13 Nov 2008, Julien Bonjean wrote:
>
>> I'm using Openswan with TFTP (boot on lan). The client is able to
>> retrieve kernel and initrd even if Openswan is running on master.
>> But, in initrd I am not able to do a 'tftp get' to retrieve some
>> files (ipsec.conf and ipsec.secrets for example) before running
>> Openswan: I get a timeout. Is there any explanation/workaround?
>> Thank you.
>
> I am not sure I understand. If you haven't gotten the openswan config
> files yet, then openswan is not running, so it is not causing the
> problems you have. But if it is already running, then why would you
> still be trying to get files?
>
> Paul
Sorry if I wasn't clear. Openswan is already running on the server because
some clients may have already established a VPN with it. The problem is
when another client wants to establish a connection or if a client
reboots. For some security reasons we don't want to store ipsec.secrets
and ipsec.conf in the client initrd, so it must retrieve them by tftp, but
the server doesn't accept unencrypted connections as Openswan is already
running (for other clients) ... I currently use a second unencrypted
connection to retrieve files but I would like to avoid this.
Julien