> it's the same thing here ...
Could you be a bit more precise on that one?
Shall I download the CSR in PKCS#12 format and where do I store it on MNF?
In the help it talks about 4 different files to be stored into MNF. I don't
really understand????
> > Also when it comes to actually setup a new connection in MNF how would you
> > do it?
> > Let's assume my MNF box is connected to the internet using a modem and has
> > dynamic IP and I use the client VPN of MNF to connect to my office ASL box.
> > So would I go for this:
>
> how do you do that in ASL?
In Freeswan I think you just put 0.0.0.0 in the right or left bit to tell
Freeswan that this is dynamic IP, I mean that's how it does it in ASL.
Please find the content of the ipsec.conf file on the ASL box for an x509
tunnel. In this scenario the right side is a roadwarrior without a fixed IP
address; it uses the email address as an ID.

config setup
    interfaces="ipsec0=eth2"
    klipsdebug=none
    plutodebug=none
    dumpdir=
    manualstart=
    pluto=yes
    plutoload=%search
    plutostart=%search
    plutowait=no
    fragicmp=no
    packetdefault=drop
    hidetos=yes
    uniqueids=yes
    overridemtu=16260

conn %default
    rekeymargin=9m
    rekeyfuzz=100%
    keyingtries=0

conn LifecycleVPN_1
    type=tunnel
    keyexchange=ike
    auth=esp
    pfs=no
    esp=3des
    keylife=3600
    ikelifetime=7800
    compress=no
    left=XXX.YYY.WWW.ZZZ
    right=0.0.0.0
    auto=add
    leftnexthop=AAA.BBB.CCC.DDD
    leftsubnet=0.0.0.0/0.0.0.0
    leftid="XXX.YYY.WWW.ZZZ"
    rightid="[EMAIL PROTECTED]"
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

> you'll have to understand that this is a firewall and not a single
> station. It assumes that you have a network behind it. It could work
> without it though.
I understand this. I will have a network behind it for sure. But the point
is that as a remote worker I'm likely to be on a dynamic IP, which means I
will have to reconfigure the Firewall VPN every time I reconnect to my DSL
provider.
And if I use SSH Sentinel behind a NAT firewall then it won't work as MNF
doesn't support NAT-T (or does it?).
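
Added example, not part of the original message: a small Python reader for the ipsec.conf layout quoted above that merges conn %default into each connection and lists the connections whose peer address is a wildcard, together with the ID and key source used to authenticate that peer. The sample file, its addresses, the site_to_site conn and the function names are constructed for illustration; treating %any like 0.0.0.0 is an assumption based on FreeS/WAN's ipsec.conf syntax.

```python
# Constructed sample in the layout of the config quoted above (documentation addresses).
SAMPLE = """\
conn %default
    keyingtries=0
    authby=rsasig

conn LifecycleVPN_1
    left=192.0.2.1
    right=0.0.0.0
    rightid="user@example.org"
    rightrsasigkey=%cert
    auto=add

conn site_to_site
    left=192.0.2.1
    right=198.51.100.7
    authby=secret
"""

def parse_ipsec_conf(text):
    """Return {conn_name: params} with conn %default merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # section headers start at column 0
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    defaults = sections.get(("conn", "%default"), {})
    return {name: {**defaults, **params}
            for (kind, name), params in sections.items()
            if kind == "conn" and name != "%default"}

def roadwarrior_conns(conns):
    """Conns whose peer may connect from any address, and how that peer is identified."""
    found = {}
    for name, p in conns.items():
        for side in ("left", "right"):
            if p.get(side) in ("0.0.0.0", "%any"):  # wildcard peer address
                found[name] = {"side": side, "id": p.get(side + "id"),
                               "authby": p.get("authby"),
                               "key": p.get(side + "rsasigkey")}
    return found

if __name__ == "__main__":
    print(roadwarrior_conns(parse_ipsec_conf(SAMPLE)))
```
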