On Monday 13 December 2004 03:36 pm, Florin wrote: > Chris Scheidecker <[EMAIL PROTECTED]> writes: > > First off, I'd like to say that the new MNF looks awesome! Cheers to > > Florin and everyone else who's pitched in for this project. A lot of the > > new features really polish an already excellent product, and I'm looking > > forward to using it more and more. > > > > Testing out MNF2beta2, I've encountered some issues/bugs: > > > > under VPN: > > -Under CA, Other Certs: Certificate creation doesn't seem to work > > proplerly. > > > > >From the web interface, it seems like it lets me create a certificate > > > without > > > > an email address, but then I can't find it anywhere (when logged into the > > machine directly, under /etc/freeswan/ipsec.d/certs/) . I can't then add > > an email address and have it create/re-create the certificate. Creating > > a certificate with the email address filled in correctly from the start > > doesn't seem to work all the time (didn't appear at first, but after > > correcting some info in the CA cert area & re-creating the ca cert, other > > certs then were created properly). > > one needs and email address for the certificates creation ...
No, you don't need an email address to create a certificate; we're doing it right now manually on MNF1. All safenet-based vpn clients (which includes Netscreen-Remote and Sonicwall) require a certificate that does not have an email address. > > > -Under FreeS/WAN: Setting up vpn connections, %any isn't a valid entry > > for 'IP'. 0.0.0.0 seems to be acceptable, but I'm not certain that is > > the same thing. > > > > -Under FreeS/WAN: Setting up vpn connections, entering 192.168.100.0/24 > > in the 'Subnet/Netmask' feild comes up as 'invalid ip address' in the > > interface, but it is, in fact, what I want in my ipsec.conf file. > > 192.168.100.0 is accepted, but is then directly put into the .conf > > file--not correct, and it won't work. (in this case, 192.168.100.0/24 is > > LAN network for this firewall). > > for these two last questions this has been already answered on this list. > The invalid message warning is precisely a warning ... not necessarily an > error ... so you can insist and go with these chosen values ... if you > know what you're doing ... The field is labeled correctly: 'Subnet/Netmask' --you need to specify a subnet AND a netmask in that format in order to work properly, so why would it warn you otherwise? -chris > > my 2cts, -- Chris Scheidecker Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com 612.676.1946 x33 Web Development-Web Marketing-ISP Services ------------------------------------------
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
