Thanks for all the help, everyone, and especially to Lonnie. I got it working fine at last. I've then dug a little further, and I've got it establishing a cert-based IPSec VPN to a Smoothwall, which uses Openswan. If this is of use to anyone, let me know, and I can give some details.
I'll probably not write it up on the wiki, since the Openswan config was done via the Smoothwall GUI, so I imagine there would be some work to generalize the instructions to work with bare Openswan. Anyway, it seems to work, if it's ever of use to anyone. I hopefully intend to roll it out onto our live sites in the future (Smoothwall at head office, AstLinux at remote sites).

Thanks again

Tom

-----Original Message-----
From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
Sent: 03 April 2012 16:19
To: AstLinux Users Mailing List
Cc: Tom Chadwin
Subject: Re: [Astlinux-users] IPsec Peers config

Tom,

Take a look at ipsec-vpn.conf, it is actually a script that automatically sets the ENABLED shell variable based on the VPN rc.conf variable (among others).

From the CLI, when you issue

$ arno-iptables-firewall restart

you should see something like:
--
IPsec VPN plugin v0.83BETA
 Loaded kernel module ipt_policy.
 Loaded kernel module iptable_nat.
 Applying rules for VPN nets ....
 Allowing internet hosts .... to access the VPN service
--

Lonnie

On Apr 3, 2012, at 10:08 AM, Tom Chadwin wrote:

> Is the ENABLED var in the config file set to 1, or is it enabled
> without that text file changing?
>
> Tom
>
>
> -----Original Message-----
> From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
> Sent: 03 April 2012 16:05
> To: AstLinux Users Mailing List
> Subject: Re: [Astlinux-users] IPsec Peers config
>
>
> On Apr 3, 2012, at 9:48 AM, Michael Keuter wrote:
>
>> On 03.04.2012 at 16:33, Lonnie Abelbeck wrote:
>>
>>> Tom,
>>>
>>> You don't need to enable the IPsec VPN plugin, that is done automatically, as the comment in the plugin states.
>>
>> I also needed to enable it manually (because it still was disabled, after enabling IPSec (on 0.7.10 though)), otherwise it didn't work for me.
>
> I just tested it, and the IPsec VPN plugin is enabled automatically.
>
> Lonnie

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.