Ok, so legal values of VPN would be:

""
"openvpn"
"racoon"
"openvpn racoon"
"racoon openvpn"

right?

-Philip


Lonnie Abelbeck wrote:
> Thanks Philip,
>
> My point is that if $VPN="", then no vpn should start.  OpenVPN  
> currently behaves this way.
>
> I am suggesting IPsec should act the same way, i.e. in racoon.init
>
> init()
> {
> if [ "$VPN" -a "$VPN" = "racoon" ]
> ...bla bla
> fi
> }
>
> currently this is not the behavior.
>
> Lonnie
>
>
> On Sep 10, 2008, at 7:43 PM, Philip Prindeville wrote:
>
>   
>> Picking up an offline conversation...
>>
>> We currently have the "$VPN" variable in /etc/rc.conf just as we do for
>> the firewall selection...
>>
>> Not sure that it's appropriate in the former case.  With a firewall, you
>> really only need 0 or 1.
>>
>> But with VPN, you can have mix & match of both VPN-over-IPsec and
>> VPN-over-SSL (and conceivably VPN-over-L2TP and VPN-over-PPTP and
>> VPN-over-carrier pigeons and ...) ... well, basically as many instances
>> and varieties of VPN as are useful to support all the peering
>> combinations that users might have.
>>
>> Lonnie thinks that setting VPN to "ipsec", "openvpn", or "" simplifies
>> management.
>>
>> I think this is an unnecessary constraint on how VPN gets used, and we
>> should try to make it as flexible as reasonable.
>>
>> Anyone else want to contribute their thoughts?
>>
>> Thanks,
>>
>> -Philip
>>
>> Philip Prindeville wrote:
>>     
>>> I'll look into it.
>>>
>>> -Philip
>>>
>>>
>>> Justin Coffi wrote:
>>>
>>>       
>>>> I got a nasty error using the built in racoon config in rc.conf using
>>>> the astlinux-0.6-1934-via.tar.gz image.
>>>>
>>>> 09-10-2008    19:50:06    Daemon.Info    192.168.XX.XX    racoon:
>>>> ERROR: /tmp/etc/racoon.conf:8: "sec" NAT-T support not compiled in.
>>>>
>>>>
>>>>
>>>> Philip Prindeville wrote:
>>>>
>>>>         
>>>>> Not even necessary.
>>>>>
>>>>> You can run racoon with an alternate config file, as:
>>>>>
>>>>> racoon -f /etc/racoon2.conf
>>>>>
>>>>> for instance.
>>>>>
>>>>>
>>>>> Justin Coffi wrote:
>>>>>
>>>>>
>>>>>           
>>>>>> I'd like to use racoon as a client (as in Client <---> Server) in VPN
>>>>>> connections. Can I, in theory, just remove the link to it in /etc/ and
>>>>>> replace it with a real racoon.conf file located at
>>>>>> /mnt/kd/racoon.conf ?
>>>>>>
>>>>>>
>>>>>>


_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
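
One way to implement the check discussed in this thread, added here as an example and not code from the thread or from AstLinux: treat `$VPN` as a space-separated list, match whole words only so that an empty value starts nothing, and report words no init script would recognise. The helper names `vpn_enabled` and `vpn_unknown` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; vpn_enabled and vpn_unknown are hypothetical helper names.
# Known values are the two named in the thread.
KNOWN_VPN_TYPES="openvpn racoon"

# Return 0 if word $1 appears as a whole word in the list $2, else 1.
# The body runs in a subshell so "set -f" and variables do not leak out.
vpn_enabled() (
    set -f                      # no glob expansion while splitting the list
    for word in $2; do
        [ "$word" = "$1" ] && exit 0
    done
    exit 1                      # empty list or no match: nothing is enabled
)

# Print the words in list $1 that are not known VPN types (space separated).
# A misspelled or unsupported value would otherwise be ignored silently.
vpn_unknown() (
    set -f
    out=""
    for word in $1; do
        vpn_enabled "$word" "$KNOWN_VPN_TYPES" || out="${out:+$out }$word"
    done
    printf '%s' "$out"
)

# Constructed sample values for VPN, including the empty string and a
# near-miss ("openvpnx") that a substring match would wrongly accept.
for VPN in "" "openvpn" "racoon openvpn" "openvpnx"; do
    started=""
    for t in $KNOWN_VPN_TYPES; do
        if vpn_enabled "$t" "$VPN"; then
            started="${started:+$started }$t"
        fi
    done
    printf 'VPN="%s" -> start: [%s] unknown: [%s]\n' \
        "$VPN" "$started" "$(vpn_unknown "$VPN")"
done
```

In an init script each daemon would call `vpn_enabled racoon "$VPN"` (or `openvpn`) before starting, and a non-empty `vpn_unknown "$VPN"` result is worth logging at boot.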
