Hugh Fox <[EMAIL PROTECTED]> said:
> I tried to set up a link between it and my SnapGear Lite+ at home.

Coloring outside the lines are we ;->

> but the SnapGear asks for an Authentication Identifier.

I'm just new to this but I believe there are two types of authentication that FreeS/WAN supports, PSK and RSA. PSK is a shared secret. RSA is a shared key. Are you saying you need PSK?

It appears most everything with FreeS/WAN revolves around two files, /etc/ipsec.conf and /etc/ipsec.secrets. These are now templated in the rpm I provided.

    /etc/e-smith/templates/etc/ipsec.conf
    /etc/e-smith/templates/etc/ipsec.conf/10Setup
    /etc/e-smith/templates/etc/ipsec.conf/20Default
    /etc/e-smith/templates/etc/ipsec.conf/30Connections
    /etc/e-smith/templates/etc/ipsec.conf/40LocalAttributes
    /etc/e-smith/templates/etc/ipsec.conf/template-begin
    /etc/e-smith/templates/etc/ipsec.conf/template-end
    /etc/e-smith/templates/etc/ipsec.secrets
    /etc/e-smith/templates/etc/ipsec.secrets/10RSAKey
    /etc/e-smith/templates/etc/ipsec.secrets/template-begin
    /etc/e-smith/templates/etc/ipsec.secrets/template-end

Assuming your SME5 install included 'man' both files have documentation showing all the variables and settings:

    man ipsec.conf
    man ipsec.secrets

Dive in and modify or add the template fragments that work for you and let me know the results.

    cat /etc/e-smith/templates/etc/ipsec.conf/20Default

    conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0
        # How to authenticate gateways
        authby=rsasig

As you mentioned, maybe the above 20Default entries need changing.

keyingtries= default is '3'. As you mentioned '0' means never give up and you have reported appears to cause bad things to happen. Maybe this should be '10'. The rpm was previously set '0' so I have left all the previous settings intact and only changed those where the file locations were incorrect.

I believe it is important to make our devinfo FreeS/WAN rpm work with standard IPSEC VPN boxes. Even if you require unique entries that don't apply directly to an SME5 - SME5 set up we can incorporate the entries or fragments with appropriate comments and commented out if they are not directly SME5 related.

Thanks for testing Hugh. Look forward to your continued reports.

Regards,

-- 
Darrell May
DMC Netsourced.com
http://netsourced.com
http://myEZserver.com
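
Added example (not part of the message above or of the rpm it describes): a small Python check that resolves the "conn %default" inheritance used by the 20Default fragment and reports the authby and keyingtries each connection actually ends up with. The two connections and their addresses are hypothetical, and authby=secret is FreeS/WAN's setting for PSK authentication.

```python
# Constructed sample: the 20Default fragment quoted in the message, followed by
# two hypothetical connections whose names and addresses are made up.
SAMPLE_CONF = """\
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # How to authenticate gateways
    authby=rsasig

conn sme-to-sme
    right=198.51.100.1

conn snapgear
    right=203.0.113.7
    authby=secret
    keyingtries=10
"""

def parse_conns(text):
    """Return {conn_name: params} with the %default values merged in."""
    defaults, conns, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # header starts in column 0
            kind, _, name = line.partition(" ")
            if kind != "conn":
                current = None                    # e.g. "config setup"
            elif name.strip() == "%default":
                current = defaults
            else:
                current = conns.setdefault(name.strip(), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return {name: {**defaults, **p} for name, p in conns.items()}

def review(text):
    """Return {conn_name: (authby, keyingtries, notes)}."""
    report = {}
    for name, p in parse_conns(text).items():
        checks = [(p.get("keyingtries") == "0", "never gives up keying"),
                  (p.get("authby") == "secret", "needs a PSK line in ipsec.secrets")]
        report[name] = (p.get("authby"), p.get("keyingtries"),
                        [msg for hit, msg in checks if hit])
    return report

print(review(SAMPLE_CONF))
```

Run against the assembled /etc/ipsec.conf, it shows at a glance which connections silently inherit the rsasig and keyingtries=0 defaults and which override them.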