Chris Scheidecker <[EMAIL PROTECTED]> writes:
> Except the httpd2-naat package, all other packages are the same version as I
> had before. I noticed that the following packages were updated today, so I
> installed them (with --force):
>
> httpd2-naat-0.8-12mdk.noarch.rpm
> naat-backend-0.8-46mdk.i586.rpm
> naat-frontend-www-common-0.8-46mdk.noarch.rpm
> naat-frontend-www-en-0.8-46mdk.noarch.rpm
this is the right way to do for the moment :o)
> in
> FreeS/WAN setup, using the net/subnet form:
>
> 0.0.0.0/0 now works, but %any still does not (and is a valid entry)
%any works aswell but you get the warning ... but you can still bypass
that ... I'll eventually improve the javascript function in order to
validate %any aswell
> Certificate creation still doesn not seem to work properly, with or without
> an
> email address listed. Is there any logs I can post to the list that may
> help?
What do mean by "it doesn"t work properply" ? If you can done anything ?
Yes, please remove all the certificates entries en remove the actual
certifates /etc/freeswan/ *{key,crt} in all the subdirectories ... and
start all over again ... and explain to me what you have done exactly so I
can reproduce it here or improve the online help.
> -Chris
>
>
> On Thursday 16 December 2004 09:07 am, you wrote:
> > Hi,
> >
> > can you please try my latest packages please ?
> >
> > http://peoples.mandrakesoft.com/~florin/www/MNF/Community/RPMS/?C=M;O=D
> >
> > >Chris Scheidecker <[EMAIL PROTECTED]> writes:
> > >
> > > On Monday 13 December 2004 03:36 pm, Florin wrote:
> > > > Chris Scheidecker <[EMAIL PROTECTED]> writes:
> > > > > First off, I'd like to say that the new MNF looks awesome! Cheers to
> > > > > Florin and everyone else who's pitched in for this project. A lot of
> > > > > the new features really polish an already excellent product, and I'm
> > > > > looking forward to using it more and more.
> > > > >
> > > > > Testing out MNF2beta2, I've encountered some issues/bugs:
> > > > >
> > > > > under VPN:
> > > > > -Under CA, Other Certs: Certificate creation doesn't seem to work
> > > > > proplerly.
> > > > >
> > > > > >From the web interface, it seems like it lets me create a
> > > > > > certificate without
> > > > >
> > > > > an email address, but then I can't find it anywhere (when logged into
> > > > > the machine directly, under /etc/freeswan/ipsec.d/certs/) . I can't
> > > > > then add an email address and have it create/re-create the
> > > > > certificate. Creating a certificate with the email address filled in
> > > > > correctly from the start doesn't seem to work all the time (didn't
> > > > > appear at first, but after correcting some info in the CA cert area &
> > > > > re-creating the ca cert, other certs then were created properly).
> > > >
> > > > one needs and email address for the certificates creation ...
> > >
> > > No, you don't need an email address to create a certificate; we're doing
> > > it right now manually on MNF1. All safenet-based vpn clients (which
> > > includes Netscreen-Remote and Sonicwall) require a certificate that does
> > > not have an email address.
> > >
> > > > > -Under FreeS/WAN: Setting up vpn connections, %any isn't a valid
> > > > > entry for 'IP'. 0.0.0.0 seems to be acceptable, but I'm not certain
> > > > > that is the same thing.
> > > > >
> > > > > -Under FreeS/WAN: Setting up vpn connections, entering
> > > > > 192.168.100.0/24 in the 'Subnet/Netmask' feild comes up as 'invalid
> > > > > ip address' in the interface, but it is, in fact, what I want in my
> > > > > ipsec.conf file. 192.168.100.0 is accepted, but is then directly put
> > > > > into the .conf file--not correct, and it won't work. (in this case,
> > > > > 192.168.100.0/24 is LAN network for this firewall).
> > > >
> > > > for these two last questions this has been already answered on this
> > > > list. The invalid message warning is precisely a warning ... not
> > > > necessarily an error ... so you can insist and go with these chosen
> > > > values ... if you know what you're doing ...
> > >
> > > The field is labeled correctly: 'Subnet/Netmask' --you need to specify a
> > > subnet AND a netmask in that format in order to work properly, so why
> > > would it warn you otherwise?
> > >
> > > -chris
--
Florin http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
