> it's the same thing here ...

Could you be a bit more precise on that one? Shall I download the CSR in PKCS#12 format and where do I store it on MNF? In the help it talks about 4 different files to be stored into MNF. I don't really understand????

> > Also when it comes to actually set up a new connection in MNF how would you
> > do it?
> > Let's assume my MNF box is connected to the internet using a modem and has
> > dynamic IP and I use the client VPN of MNF to connect to my office ASL box.
> > So would I go for this:
>
> how do you do that in ASL ?

In Freeswan I think you just put 0.0.0.0 in the right or left bit to tell Freeswan that this is dynamic IP, I mean that's how it does it in ASL. Please find the content of the ipsec.conf file on the ASL box for an x509 tunnel. In this scenario the right side is a roadwarrior without a fixed IP address; it uses the email address as an ID.

config setup
        interfaces="ipsec0=eth2"
        klipsdebug=none
        plutodebug=none
        dumpdir=
        manualstart=
        pluto=yes
        plutoload=%search
        plutostart=%search
        plutowait=no
        fragicmp=no
        packetdefault=drop
        hidetos=yes
        uniqueids=yes
        overridemtu=16260

conn %default
        rekeymargin=9m
        rekeyfuzz=100%
        keyingtries=0

conn LifecycleVPN_1
        type=tunnel
        keyexchange=ike
        auth=esp
        pfs=no
        esp=3des
        keylife=3600
        ikelifetime=7800
        compress=no
        left=XXX.YYY.WWW.ZZZ
        right=0.0.0.0
        auto=add
        leftnexthop=AAA.BBB.CCC.DDD
        leftsubnet=0.0.0.0/0.0.0.0
        leftid="XXX.YYY.WWW.ZZZ"
        rightid="[EMAIL PROTECTED]"
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

> you'll have to understand that this is a firewall and not a single
> station. It assumes that you have a network behind it. It could work
> without it though.

I understand this. I will have a network behind it for sure. But the point is that as a remote worker I'm likely to be on a dynamic IP, which means I will have to reconfigure the Firewall VPN every time I reconnect to my DSL provider. And if I use SSH Sentinel behind a NAT firewall then it won't work as MNF doesn't support NAT-T (or does it?).