S Mohan ([EMAIL PROTECTED]) had this to say on 02/09/03 at 21:18: 
> You do not need fswcert for Freeswan 1.96 upwards. In the ipsec.secrets
> file, you can give the name of the pem file itself. Freeswan will
> "automagically" discover the format of the key and extract it at
> startup. 

Good to know. :-) Meanwhile, I did find a copy of the fswcert program in an
old downloads directory.

> Your ipsec gateway's certificate should be stored in the
> /etc/ipsec.d/private directory (in either der or pem format) and be
> referenced in ipsec.secrets by filename with an optional passphrase as
> under:
> 
> : RSA <certificate file name> <passphrase>
> 
> The : RSA must start at the left margin. The file MUST have no more than
> 700 permissions and be owned by root to be secure.
> 
> It works. I've tried this.

I will try that, thanks.

The example /etc/ipsec.secrets file has a format like this:

: RSA   {
        # -- Create your own RSA key with "ipsec rsasigkey"
        }

Should I just include the filename and passphrase starting at the point of
that hash mark?

I'm trying to start small, and just connect to the Pix at work. Ideally, I'd
like a subnet-to-subnet connection (we use pre-shared keys, 3DES-level), so
that the office will be transparently available to me, regardless of what
machine I am using on my home LAN (Win2K, Linux, etc).

Later, I'll see if I can do it via certs.

Then work the other way, and connect from work to home LAN, using certs.

That's the game plan, anyway. :-)
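For the "no more than 700 permissions and owned by root" requirement quoted above, here is an added shell check (example code, not from the thread or from FreeS/WAN itself) that walks an ipsec.secrets file and verifies every key file named on a left-margin ": RSA <filename> [passphrase]" line. It assumes GNU stat (Linux) and uses placeholder paths.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeS/WAN itself.
# Checks the two requirements quoted in the thread for a private key
# referenced from ipsec.secrets: mode no more open than 0700, owner root.
# Assumes GNU stat (-c), as on Linux; paths shown are placeholders.

# Exit 0 if the file grants no permissions to group or other (<= 0700).
secret_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00) return 0 ;;   # last two octal digits (group, other) are zero
        *)   return 1 ;;
    esac
}

# Exit 0 if the file is owned by the expected uid (default 0 = root).
secret_owner_ok() {
    uid=$(stat -c '%u' "$1") || return 2
    [ "$uid" -eq "${2:-0}" ]
}

# Check one key file; prints the reason on failure.
check_ipsec_secret() {
    f=$1
    [ -f "$f" ] || { echo "$f: missing"; return 2; }
    secret_mode_ok "$f" || { echo "$f: mode $(stat -c '%a' "$f") is open to group/other"; return 1; }
    secret_owner_ok "$f" "$2" || { echo "$f: not owned by uid ${2:-0}"; return 1; }
    echo "$f: ok"
}

# Walk an ipsec.secrets file and check every key file named on a
# ": RSA <filename> [passphrase]" line that starts at the left margin.
# Inline "{ ... }" keys (the format of the sample file) are skipped.
check_ipsec_secrets_file() {
    secrets=$1; rc=0
    for keyfile in $(awk '/^: RSA/ && $3 != "" && $3 != "{" { print $3 }' "$secrets"); do
        check_ipsec_secret "$keyfile" "$2" || rc=1
    done
    return $rc
}

# Usage (placeholder path): check_ipsec_secrets_file /etc/ipsec.secrets
```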
