I have already modified my subnet at home to use 192.168.3.x (to make it
simpler on your end) and I am available for some testing.  I have gotten my
copy of Dachstein/IPSec working.  I am in the middle of writing up my diary
to post to the list, and I would be glad to help as much as possible...

Joey


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of MLU
Sent: Tuesday, April 16, 2002 1:35 PM
To: Charles Steinkuehler
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Floppy VPN (Dachstein based)

Thank you Charles.

I will try to find somebody running Dachstein firewall and test with them.
But then I need to modify my internal subnet so that it is different from
the one on their system. For example, 192.168.9.x instead of 192.168.1.x, as
probably they will use 192.168.1.x by default.

Is that correct?


---------- Original Message ----------------------------------
From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
Date:  Tue, 16 Apr 2002 13:03:47 -0500

>> -          I run VPN-client on the internal W2K machine to connect to my
>> office. According to Charles, I will not be able to use it if I install
>> IPSEC gateway on the router. If say I have 2 internal subnets, say
>> 192.168.1.x and 192.168.2.x. If I only setup the IPSEC for
>> remote-accessing 192.168.1.x, could I still use my VPN client on the
>> other subnet, 192.168.2.x to connect to my office.
>
>No...the firewall can only do one flavor of IPSec at a time (ie masquerade
>or VPN gateway).
>
>> -          My office is using a Cisco VPN (I do not know the exact
>> version). Is it possible to connect it to the LRP IPSEC gateway, and if
>> so, what should I prepare for/ask our sys-admin?
>
>It is possible, although I have not personally done this.  There is data on
>Cisco <> FreeS/WAN interoperation on the FreeS/WAN website.
>
>> -          What is the difference between ipsec.lrp and ipsec509.lrp. If
>> I do not use X.509 certificates, do I have to install ipsec509.lrp?
>
>The ipsec509.lrp package includes a couple of programs that have been
>updated to use x.509 certificates.  If you are not using certs, you do not
>need the ipsec509 package.
>
>> -          As I do not have access to another router, for starting, I
>> will set up IPSEC for Road-Warrior only. Is there any way I can test it
>> remotely from a Unix box (Solaris at the university I attend). I have
>> some friends running Windows but I have to go to their places to test.
>
>It would be possible to do this, but it's probably easiest to try to test
>with another Dachstein firewall.
>
>If you can't test with another Dachstein firewall, you should probably try
>to either setup the actual VPN link you'll eventually want to use, or do
>testing with a similar remote system (ie another cisco).  If you try testing
>with something like a solaris box, you'll be hitting all the problems caused
>by non-identical IPSec implementation you'll run into with the Cisco (ie
>different config file formats, finding mutually agreeable configuration
>setups, etc), and while you'll learn a lot about IPSec, you won't
>necessarily learn a lot about making it work in your desired application.
>
>Testing with another Dachstein firewall will be simpler, and will primarily
>teach you about configuring FreeS/WAN, which is a big part of configuring
>FreeS/WAN to work with your Cisco...
>
>Charles Steinkuehler
>http://lrp.steinkuehler.net
>http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
>

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

