Hugh Fox <[EMAIL PROTECTED]> said:

> I tried to set up a link between it and my SnapGear Lite+ at home.

Coloring outside the lines are we ;->

> but the SnapGear asks for an Authentication Identifier.

I'm just new to this but I believe there are two types of authentication 
that FreeS/WAN supports, PSK and RSA.  PSK is a shared secret.  RSA is a 
shared key.  Are you saying you need PSK?

It appears most everything with FreeS/WAN revolves around two 
files, /etc/ipsec.conf and /etc/ipsec.secrets.  These are now templated 
in the rpm I provided.

/etc/e-smith/templates/etc/ipsec.conf
/etc/e-smith/templates/etc/ipsec.conf/10Setup
/etc/e-smith/templates/etc/ipsec.conf/20Default
/etc/e-smith/templates/etc/ipsec.conf/30Connections
/etc/e-smith/templates/etc/ipsec.conf/40LocalAttributes
/etc/e-smith/templates/etc/ipsec.conf/template-begin
/etc/e-smith/templates/etc/ipsec.conf/template-end
/etc/e-smith/templates/etc/ipsec.secrets
/etc/e-smith/templates/etc/ipsec.secrets/10RSAKey
/etc/e-smith/templates/etc/ipsec.secrets/template-begin
/etc/e-smith/templates/etc/ipsec.secrets/template-end

Assuming your SME5 install included 'man', both files have documentation 
showing all the variables and settings:

man ipsec.conf
man ipsec.secrets

Dive in and modify or add the template fragments that work for you and 
let me know the results.

cat /etc/e-smith/templates/etc/ipsec.conf/20Default
conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0
        # How to authenticate gateways
        authby=rsasig

As you mentioned, maybe the above 20Default entries need changing.

The keyingtries= default is '3'.  As you mentioned, '0' means never give 
up and, as you have reported, appears to cause bad things to happen.  Maybe 
this should be '10'.  The rpm was previously set to '0', so I have left all 
the previous settings intact and only changed those where the file 
locations were incorrect.

I believe it is important to make our devinfo FreeS/WAN rpm work with 
standard IPSEC VPN boxes.  Even if you require unique entries that don't 
apply directly to an SME5 - SME5 setup, we can incorporate the entries or 
fragments with appropriate comments, commented out if they are not 
directly SME5 related.

Thanks for testing, Hugh.  Look forward to your continued reports.

Regards,

-- 
Darrell May
DMC Netsourced.com
http://netsourced.com
http://myEZserver.com


--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
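
Added example, not part of the original message or of the rpm: a small Python check that overlays each connection on "conn %default" and reports the effective authby and keyingtries settings discussed above. The connection names, addresses and the psk_peers parameter are constructed for illustration; authby=secret is the FreeS/WAN value for a shared secret (PSK).

```python
# Constructed sample: the 20Default fragment from the message plus two
# hypothetical connections (names and addresses are illustrative only).
SAMPLE_CONF = '''\
conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0
        # How to authenticate gateways
        authby=rsasig

conn sme-to-sme
        left=192.0.2.1
        right=192.0.2.2

conn snapgear-home
        left=192.0.2.1
        right=198.51.100.7
'''

def parse_conns(text):
    """Return {conn_name: {param: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            current = conns.setdefault(parts[-1], {}) if parts[0] == 'conn' else None
        elif current is not None and '=' in line:
            key, _, value = line.strip().partition('=')
            current[key.strip()] = value.strip()
    return conns

def effective(conns):
    """Overlay each conn on 'conn %default'; explicit settings win."""
    defaults = conns.get('%default', {})
    return {n: {**defaults, **p} for n, p in conns.items() if n != '%default'}

def audit(conns, psk_peers=()):
    """Flag conns whose effective settings clash with a PSK peer or retry forever."""
    findings = []
    for name, p in sorted(effective(conns).items()):
        if name in psk_peers and p.get('authby') != 'secret':
            findings.append((name, 'peer uses PSK but authby=%s' % p.get('authby')))
        if p.get('keyingtries') == '0':
            findings.append((name, 'keyingtries=0 (never give up)'))
    return findings

if __name__ == '__main__':
    for name, msg in audit(parse_conns(SAMPLE_CONF), psk_peers={'snapgear-home'}):
        print('%s: %s' % (name, msg))
```

Run it against the expanded /etc/ipsec.conf rather than the template fragments, since the inherited %default values only show up once the fragments are assembled.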
