While I am not 100% sure, I think that Jacques has included the ipsec509 patches in the latest ipsec.lrp package.
This means you no longer need to have a separate ipsec509.lrp. All, please correct me if I am wrong :)

-----Original Message-----
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 1:01 PM
To: Simon Chalk
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Ipsec Setup with Bering LEAF

Simon Chalk wrote:
> Hi
>
> We are considering using a Bering firewall to connect two networks via
> the internet. Both these networks will have a Windows 2000 server
> which will need to communicate with each other.
>
> I have got to grips with installing Bering and Shorewall, but I am
> struggling with ipsec
>
> I have several questions associated with the setup: -
>
> 1) Do I need ipsec or ipsec509 for use with Windows 2000 servers
> located on each network.

The fact that you're using Windows 2000 servers doesn't matter if the two Bering boxes are the VPN gateways. I'd suggest using plain RSA keys (i.e. ipsec.lrp) unless you need to interoperate with something that requires the use of certificates.

> 2) If I do need ipsec509, then I note that the current release of
> Bering seems to have broken links to the ipsec509.lrp file.

Can't help with this one.

> 3) Is there any further documentation on the setup of ipsec for a
> network to network setup, particularly with setup of certificates. I
> started to go through the Bering documentation (LEAF "Bering" user's
> guide), and attempted to use the openssl, which is installed on my
> spare Mandrake 9.0 box, but errors are generated when I try to run the
> following to set up a certificate authority.
>
> # mkdir -p demoCA/private; mkdir -p demoCA/newcerts;
> # touch demoCA/index.txt; echo 01 >> demoCA/serial; chmod -R 700 demoCA
> # openssl req -x509 -days 3650 -newkey rsa:2048 -keyout
> demoCA/private/cakey.pem -out demoCA/cacert.pem
>
> The above runs ok, but when I run the following
>
> # openssl ca -gencrl -out crl.pem
>
> I get no such file or directory trying to load CA private key

The main documentation for ipsec is the FreeS/WAN site, which includes *LOTS* of information:

http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/index.html
http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/config.html

Note that X.509 support is in the form of a patch, with documentation available at a different location:

http://www.strongsec.com/freeswan/
http://www.strongsec.com/freeswan/install.htm

--
Charles Steinkuehler
[EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
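
`openssl ca` takes the CA key, certificate and database paths from the CA section of whichever configuration file it loads. As an added example (not part of the original thread; `ca.cnf`, the subject name and the 30-day CRL lifetime are assumptions), the same demoCA steps with those paths stated in an explicit config:

```shell
#!/bin/sh
# Added example: the thread's demoCA layout with an explicit config file.
# ca.cnf, the CN and the 30-day CRL lifetime are assumptions for illustration.
set -eu

# make_ca DIR: build the CA in DIR, then issue an (empty) CRL from it.
make_ca() (
    cd "$1"
    mkdir -p demoCA/private demoCA/newcerts
    touch demoCA/index.txt
    echo 01 > demoCA/serial
    chmod -R 700 demoCA

    # Every path 'openssl ca' needs is stated here, relative to DIR,
    # so nothing depends on the distribution's default openssl.cnf.
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir              = ./demoCA
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
serial           = $dir/serial
certificate      = $dir/cacert.pem
private_key      = $dir/private/cakey.pem
default_md       = sha256
default_crl_days = 30
[ req ]
distinguished_name = dn
prompt             = no
[ dn ]
CN = Example Test CA
EOF

    # -nodes leaves the CA key unencrypted so the script runs unattended;
    # drop it for a real CA so the key is passphrase-protected.
    openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -config ca.cnf \
        -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem
    chmod 600 demoCA/private/cakey.pem

    openssl ca -config ca.cnf -gencrl -out crl.pem
)

work=$(mktemp -d)   # scratch directory; remove it when done
make_ca "$work"
openssl crl -in "$work/crl.pem" -noout -issuer -nextupdate
```

Because `dir` is relative, `openssl ca` has to be run from the directory that contains `demoCA`.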
