On 03/25/2013 11:47 AM, Bill Davidsen issued this missive:
sean darcy wrote:
On F17 trying to configure Host2Host VPN to use with my galaxy nexus.

The Fedora wizard requires a "remote address". I've tried 0.0.0.0, which got
an error of:

racoon: INFO: unsupported PF_KEY message REGISTER

I've also tried the internet facing interface.

When I tried to connect I get:

ERROR: exchange Identity Protection not allowed in any applicable rmconf.

What I obviously don't have is whatever remote address the phone will be
assigned.

ConnectionType=Host2Host
EncryptionMode=auto
IKEKey=<inserted in android client>
IPsecld=gnexus
OnBoot=True
RemoteIPAddress= ?????

Can I set up the Fedora VPN for a "road warrior"?

sean


There is no "the Fedora VPN" for starters, both openswan and openvpn are
available. I don't know what the setup menu in Network Manager uses,
probably openswan, but I'm guessing.

For what it's worth, I've had good results with openvpn, setup is to
some extent manual, but it works, and doesn't seem to ask questions you
can't answer. And you can set it up for road warrior operation from a
linux machine, have not looked at what the VPN setup on Android phones
does, so if that's your goal I have no info to share.

We use a Cisco VPN, so I just use my 'Droid as a mobile hotspot (or a
tethered modem), then use vpnc to open a VPN off our VPN gateway and it
works fine. I prefer the tethered mechanism for security reasons.

Note that it also works using my Verizon 4G hotspot doo-dad in wifi
mode. I haven't tried it in bluetooth or tethered mode yet because
every time I dig it out, it's because others in my group need access
as well so I have to share--usually preceded with my grumbling "Get
your own, dammit! This is expensive!" :-)

Here's my expurgated /etc/vpnc/default.conf file:

        # VPN Setup...
        # Don't timeout...keep going
        DPD idle timeout (our side) 0
        # Force Cisco UDP NAT mode (for idiot routers that use MTUs
        # <1500 bytes...may not be necessary at all times)...
        #NAT Traversal Mode cisco-udp
        IPSec gateway <MY-VPN-GATEWAY>
        IPSec ID <MY-GROUP-ID-ON-VPN-GATEWAY>
        IPSec secret <GROUP-PASSWORD-ON-VPN-GATEWAY>
        Xauth username <MY-USERNAME-ON-VPN-GATEWAY>
        Xauth password <MY-PASSWORD-ON-VPN-GATEWAY>

I normally connect to the wifi hotspot off the 'Droid or 4G access
point, then run "vpnc" and off we go.

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-   Never test for an error condition you don't know how to handle.  -
----------------------------------------------------------------------