Thank you very much, Charles. I will modify the RSA key in the config when I get home.
In the network.conf I have EXTERN_PROTO0="50 0/0" EXTERN_PROTO1="51 0/0" and EXTERN_UDP_PORTS="0/0_500" on both sides so I think I do not have to set firewall=yes, right?

MLU

-----Original Message-----
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 22, 2002 2:35 PM
To: M Lu; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help

> then I copy the part after line Modulus: 0x5652...
>
> and put it in line leftrsasigkey (similar for rightrsasigkey with the other
> key) in ipsec.conf, so e.g
>
> leftrsasigkey=0x5652...
>
> Is that OK or not.

This is *NOT* correct. The Modulus is *NOT* the public portion of the key. The part you want should be the line above this. When I run ipsec rsasigkey, I get a commented line (ie: #pubkey=0s12345...). The very large number after "pubkey=" is what you put in the IPSec configuration file.

NOTE: Earlier versions of FreeS/WAN used hex encoding (0x1234...) rather than the more compact "0s" format...both numbers are identical to FreeS/WAN, they just differ in format (ie the difference between 255 and 0xFF).

> - Do I have to use "leftfirewall=yes" or not? From the archive and Charles'
> example, I do not see that, so I do not use this line.

You either need [left|right]firewall=yes, or you need to explicitly allow UDP port 500 and IP protocol 50/51 traffic to/from the machine at the other end of the VPN.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
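The difference between the "#pubkey=" value and the Modulus discussed in the thread above, as an added example that is not part of the original messages: it checks whether a leftrsasigkey/rightrsasigkey value is the same key as the "#pubkey=" line, in either 0s or 0x form. It assumes the key value uses the RFC 2537 layout (exponent length, exponent, modulus); the function names and the toy key are constructed for illustration.

```python
import base64
import re

# Constructed toy key for illustration: exponent 3, 32-bit modulus 0xd1a5b3c7.
SAMPLE_RAW = bytes.fromhex("0103d1a5b3c7")
# Constructed sample in the layout the email describes: "#pubkey=" above "Modulus:".
SAMPLE_OUTPUT = ("\t#pubkey=0s" + base64.b64encode(SAMPLE_RAW).decode() + "\n"
                 "\tModulus: 0xd1a5b3c7\n")


def pubkey_from_output(text):
    """Return the value on the commented '#pubkey=' line of rsasigkey output."""
    m = re.search(r"^\s*#\s*pubkey=(\S+)", text, re.MULTILINE)
    if m is None:
        raise ValueError("no #pubkey= line found")
    return m.group(1)


def decode_rsasigkey(value):
    """Decode a 0s (base64) or 0x (hex) key value into (exponent, modulus)."""
    value = value.strip()
    prefix, body = value[:2].lower(), value[2:]
    if prefix == "0s":
        raw = base64.b64decode(body + "=" * (-len(body) % 4))
    elif prefix == "0x":
        raw = bytes.fromhex(body)
    else:
        raise ValueError("expected a 0s or 0x value")
    # Assumed RFC 2537 layout: exponent length (1 byte, or 0x00 + 2 bytes),
    # then the exponent, then the modulus.
    if raw[:1] != b"\x00":
        elen, off = (raw[0] if raw else 0), 1
    else:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    exponent = int.from_bytes(raw[off:off + elen], "big")
    modulus = int.from_bytes(raw[off + elen:], "big")
    if exponent == 0 or modulus == 0:
        raise ValueError("not a complete exponent+modulus key")
    return exponent, modulus


def matches_pubkey(config_value, rsasigkey_output):
    """True if a leftrsasigkey/rightrsasigkey value is the #pubkey key."""
    expected = decode_rsasigkey(pubkey_from_output(rsasigkey_output))
    try:
        return decode_rsasigkey(config_value) == expected
    except ValueError:
        return False
```

With a real-size key the Modulus pasted alone may still decode without error, but to a different exponent and modulus, so the comparison against the "#pubkey=" line is what catches it.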
