List added back to thread...
> One last question, regarding ipsec.secrets, this is unique to each
> machine, correct? And I put the entire output from ipsec rsasigkey into
> that within the {} . Or (like I read once before) do I create an entry
> for each machine something like
>
> @shop : RSA
> {
> <output from ipsec rsasigkey>
> }
>
> @home : RSA
> {
> <output from ipsec rsasigkey>
> }
>
> this doesn't seem right since the output should be kept private, but I
> read that through one of the man pages. Or, do I simply put the output
> from the ipsec rsasigkey into the ipsec.secrets for each unique box?
For RSA keys, each machine needs its own *COMPLETE* RSA key in
ipsec.secrets. *BOTH* endpoints of the VPN need the public portion of the
key in ipsec.conf.
Please note that your format above will not work for ipsec.secrets...you're
missing the required whitespace at the beginning of the RSA key lines. You
want something more like:
: rsa {
        <rsa-key-stuff>
        <more-rsa-key-stuff>
        <more-rsa-key-stuff>
        <more-rsa-key-stuff>
        }
Note everything but the ": rsa" line is indented with whitespace...FreeS/WAN
is *VERY* picky about this. See the ipsec.secrets man page for all the gory
formatting details, but the above (filled in properly with real RSA key
info) is enough of an ipsec.secrets file for most RSA applications.
Unless you're trying to use multiple RSA keys on the same system (ie
different RSA keys for different VPN links), you don't need any identifying
information (the @home and @shop in your example).
Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
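As an added illustration (not part of the original thread or of FreeS/WAN itself), a small Python checker for the layout rule Charles describes: only the ": RSA" header line starts in column 1, and every other line of the entry, the braces included, begins with whitespace. The two sample entries are constructed with placeholder key material; selector handling (e.g. "@shop") is the checker's own assumption based on the man page format quoted in the thread.

```python
import re

# Header of an RSA entry: optional selectors such as "@shop", a colon, the keyword RSA and (usually) the opening brace.
HEADER_RE = re.compile(r"^(?P<sel>[^:#]*?)\s*:\s*RSA\b\s*(?P<brace>\{?)\s*$", re.I)


def check_ipsec_secrets(text):
    """Return layout problems found in ipsec.secrets-style text (empty list = OK)."""
    problems, in_entry, brace_seen = [], False, False
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue                              # blank lines are ignored
        indented = line[:1].isspace()
        if not in_entry:
            m = HEADER_RE.match(line)
            if m is None or indented:
                problems.append(f"line {lineno}: expected an unindented ': RSA' header, got {line!r}")
                continue
            in_entry, brace_seen = True, bool(m.group("brace"))
            continue
        # FreeS/WAN reads an unindented line as the start of a new entry, so
        # inside an entry every line (including '{' and '}') needs leading whitespace.
        if not indented:
            problems.append(f"line {lineno}: line inside RSA entry must start with whitespace: {line!r}")
        stripped = line.strip()
        if not brace_seen:
            if stripped.startswith("{"):
                stripped = stripped[1:].strip()
            else:
                problems.append(f"line {lineno}: expected '{{' after the ': RSA' header")
            brace_seen = True                     # keep checking the remaining lines
        if stripped == "}":
            in_entry = False
    if in_entry:
        problems.append("end of file: RSA entry not closed with '}'")
    return problems


# Constructed samples with placeholder key material (not real keys).
POSTER_LAYOUT = """\
@shop : RSA
{
Modulus: 0xPLACEHOLDER
}
"""
CORRECTED_LAYOUT = """\
: RSA {
        Modulus: 0xPLACEHOLDER
        PrivateExponent: 0xPLACEHOLDER
        }
"""
```

Running `check_ipsec_secrets(POSTER_LAYOUT)` reports each unindented line of the poster's version, while the corrected layout (and a file with several `@selector : RSA { ... }` entries) comes back clean.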