Thanks for getting back to me. I have run into problems with one command in the IPSec procedure.
>>>>>>>>>>>>>>>Snip>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Make your ipsec server certificate

# openssl req -newkey rsa:2048 -keyout serverKey.pem -out serverReq.pem
# openssl ca -policy policy_anything -in serverReq.pem -days 1825 -out serverCert.pem -notext
# openssl x509 -in serverCert.pem -outform DER -out x509cert.der
# fswcert -k serverKey.pem > ipsec.secrets
>>>>>>>>>>>>>>>>>Snip>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

The fswcert line gives me an error saying that the command is not found. I did figure out that I need Freeswan installed on my Mandrake box. I did do some searching and found an RPM for Freeswan on Mandrake Linux. But even after running the RPM, I still can't use the fswcert command... Can anyone please tell me what I am missing here? Like I said, I am new to this configuration and any help would be greatly appreciated.

Thanks in advance.
Troy

-----Original Message-----
From: K.-P. Kirchdörfer [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 1:28 PM
To: Troy Aden; Leaf-User (E-mail)
Subject: Re: [leaf-user] VPN shorewall options

On Wednesday, 12 November 2003 19:06, Troy Aden wrote:
> I am looking into the best way to set up a constant encrypted tunnel
> connection between two sites. (An office here and another office at a
> remote location.)
> Before I dive headlong into this I was hoping that some LEAF users out
> there might be able to give me some advice as to what is the best option
> for my situation.
> First of all, I want to use Bering Uclibc rc2. I want systems on Network
> one and Network two to be able to browse to each other. I want the Bering
> box to manage a constant connection between the two sites meaning that if
> the connection is lost, the Bering box will bring the connection back up
> without any user intervention. I would also like it if the firewalls could
> give priority to the traffic using the tunnel connection.
> I have read the shorewall docs and I think that IPSec could do this. (IPSec
> Gateway on the Firewall System) But if anyone has any other suggestions as
> to a better way to go about this please let me know. Please keep in mind
> that this will be my first attempt at this particular configuration so the
> more basic the better. In my discussions so far someone suggested that SSH2
> could also work for what I have in mind..

Troy;

You're right - IPSEC is what you want.
Given you have fixed IP addresses for your routers, you'll find a lot of documentation on how to set up your routers, like Lynn Avants IPSec Howto:
http://leaf.sourceforge.net/devel/guitarlynn/

If you have dynamic IP, I wrote a mail to leaf-user a year ago describing such a solution.

kp
