Le mercredi 23 décembre 2009 à 17:13 +0100, Daniel Mentz a écrit : > I'm glad that you take on the challenge and write a guide for > beginners. > I guess that a lot of users will be grateful for your documentation.
Dear Daniel, I would prefer to write something on the wiki rather than using docbook. Sorry for my further questions, which will help we writing the doc: 1) Is there a way to use RSA ssh keys created with ssh-keygen utilities? I think it would be simple for newbies to start with their current SSH key pairs. When you mean ssh agent, is this OpenSSH agent (I guess yes). IMHO this should be the preferred connection for newbies. Is it possible for ipsec to look for private/public keys in /root/.ssh or be able to configure this? How can it be done on server and client? 2) Is there a description of the /etc/ipsec.d directory. It does not seem clear to me what this means: aacerts/ acerts/ cacerts/ certs/ crls/ ocspcerts/ private/ reqs/ Of course, private means private key. But what is the meaning of "a" or "aa" and others ? Can you explain the meaning. Example : ca = certification authority. 3) When I read moonCert.pem on gateway, should I generate a client certificate and install it on client (=roadwarrior) prior to EAP checking. Sorry, this does not seem clear to me! For example in this page (very well written): http://www.strongswan.org/uml/testresults43/ikev2/rw-eap-mschapv2-id-rsa/ My left cert is : leftcert=moonCert.pem Should I install moonCert.pem or a public key somewhere else? Daniel, I am aware my questions are silly, I pledge to write the doc when I start understanding. Kind regards, Jean-Michel
signature.asc
Description: Ceci est une partie de message numériquement signée
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users