> As I said earlier, and KLIPS debug = all reported this, my setup was not
> working as the SME was sending out its Authentication Identifier as @[IP
> Addr], and I had set my SnapGear up to be looking for head@work from my
> headoffice so the connection was being dumped before the RSA public keys
> were checked. This is why something to report the current Authentication ID,
> and / or set it to your preferred ID would be worthwhile.
>

This is an easy change to make to display or allow it to be set.

> In the end I want to be able to set up multiple IPSec based VPNs from (in my
> case 3) home users with cheaper dynamically assigned IPs to my head office
> with its static IP.
>
> If we want to take this to the ultimate IPSec RPM, we should allow dynamic
> at both ends (hopefully tied into dyndns).
>

It has been a while since I read the freeswan docs but I believe the last
time I read them there wasn't any mention of both ends being dynamic.  This
might be possible as you suggest with dyndns.  I just got some more
computers in so I can set up a test environment and should have more time
soon to start back doing some e-smith dev work.

> So further down this development path we will need to make room for
> additional /etc/e-smith/templates/etc/ipsec.conf/30Connections and / or a
> complicated script in there to read from multiple entries in
> /home/e-smith/configuration. Likewise
> /etc/e-smith/templates/etc/ipsec.secrets/10RSAKey will need to be modified
> to allow multiple secrets.

The current rpm saves the vpn info in /home/e-smith/vpns.
It is set up to allow as many vpns as you want to set up.  The RSAKey though
is only set up to create one for the machine, but it would be easy to set up
one per connection if that is possible with freeswan (it has been a while
since I read the freeswan docs).

Andy Worthington
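
Added example, not part of the original message or of the e-smith RPM: a FreeS/WAN ipsec.conf sketch of the ID mismatch described in the quoted text, with the mismatched connection beside one that pins the identity on both ends. The connection names, the 192.0.2.1 address and the key placeholders are constructed; head@work is the ID quoted in the thread.

```conf
# --- Mismatch: the dynamic-IP end has no leftid, so it announces its
# --- current IP address as its ID, while the other gateway expects head@work.

# On the dynamic-IP gateway (no explicit ID configured):
conn home-to-head-broken
    left=%defaultroute
    leftrsasigkey=<HOME_PUBLIC_KEY_PLACEHOLDER>
    right=192.0.2.1
    rightrsasigkey=<HEAD_PUBLIC_KEY_PLACEHOLDER>
    authby=rsasig
    auto=start

# --- Matching IDs: the same leftid/rightid values appear in the conn
# --- on both gateways, so the peer is identified by name, not by address.

# On the dynamic-IP gateway:
conn home-to-head
    left=%defaultroute
    leftid=head@work
    leftrsasigkey=<HOME_PUBLIC_KEY_PLACEHOLDER>
    right=192.0.2.1
    rightrsasigkey=<HEAD_PUBLIC_KEY_PLACEHOLDER>
    authby=rsasig
    auto=start

# On the static-IP gateway (peer address unknown in advance):
conn home-to-head
    left=%any
    leftid=head@work
    leftrsasigkey=<HOME_PUBLIC_KEY_PLACEHOLDER>
    right=192.0.2.1
    rightrsasigkey=<HEAD_PUBLIC_KEY_PLACEHOLDER>
    authby=rsasig
    auto=add
```

With several dynamic-IP peers, each one needs its own conn with a distinct leftid and its own leftrsasigkey, since the ID is what selects the public key when the address is %any.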

