[Openswan Users] Don't know how to configure ID for "we require peer to have ID 'w.x.y.z', but peer declares '0x'"
Moritz Bunkus
m.bunkus at linet-services.de
Wed Jul 11 09:20:42 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey,
On 2012-07-11 15:12, Dave Stubbs wrote:
> This isn't exactly a solution, but from a corporate IT perspective,
> if I was your customer and I issued you a company-mandated NCP VM,
> and then discovered you were trying to scoop out the settings and
> use another VPN technology to connect to me, it would result in a
> fundamental trust issue, and I would be looking to replace you.
> Why don't you just suck it up and use the mandated solution?
Rest assured that I asked my client before I attempted this and got his
OK. What he's strict about is that the technology won't change on the
server side (e.g. he won't install a different IPSEC software or
something like OpenVPN). Which client program we use is up to us,
though; the virtual machine itself is not mandated, neither is that
particular instance of the NCP client program.
There are several reasons why would prefer using a different solution:
1. The provided virtual machine cannot route traffic, and only one
connection can be open at the same time. Therefore it's kind of hard to
work with multiple persons on the problem at the same time.
2. All of our technicians use either Linux or Mac on their machines,
hence the need for the virtual machine in the first place. The client is
Windows-only.
3. The virtual machine uses a Windows that's not activated.
4. As soon as the client is connected it will stop most network traffic
to the local network, probably for security reasons. Therefore we cannot
use things like RDP, TeamViewer, VNC or SSH in order to connect to the
virtual machine. Instead we have to work inside the machine's client
program (e.g. VMWare or VirtualBox), again making it harder. Suffice to
say copy & paste doesn't work.
etc. etc.
Of course we can somehow work like this, but as we have the "OK" to use
a different client we would really like to do just that.
Kind regards,
Moritz
- --
Dipl.-Inform. Moritz Bunkus
Geschäftsführer/CTO
LINET Services GmbH | Am Alten Bahnhof 4b | 38122 Braunschweig
Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de
Geschäftsführung: Moritz Bunkus, Philip Reetz und Timo Springmann
HR B 9170 Amtsgericht Braunschweig
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/9fakACgkQytrgL1vrgRrwoQCgiGYbigjkHEbLyaGfMvPYmpiz
gHQAnjIqyXQAv04B6cx/k/15xtKvZS2H
=bVd6
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: m_bunkus.vcf
Type: text/x-vcard
Size: 314 bytes
Desc: not available
URL: <http://lists.openswan.org/pipermail/users/attachments/20120711/d1c1c998/attachment.vcf>
More information about the Users
mailing list