From owner-freebsd-net  Wed Mar 20  6: 3:58 2002
Delivered-To: freebsd-net@freebsd.org
Received: from web20006.mail.yahoo.com (web20006.mail.yahoo.com [216.136.225.69])
	by hub.freebsd.org (Postfix) with SMTP id 8C4F537B404
	for <net@FreeBSD.ORG>; Wed, 20 Mar 2002 06:03:55 -0800 (PST)
Message-ID: <20020320140353.19403.qmail@web20006.mail.yahoo.com>
Received: from [61.223.2.150] by web20006.mail.yahoo.com via HTTP; Wed, 20 Mar 2002 06:03:53 PST
Date: Wed, 20 Mar 2002 06:03:53 -0800 (PST)
From: Vincent Chen <vctw@yahoo.com>
Subject: IPSec for roaming user?
To: net@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org


Dear all,

I am trying to figure out how to let roaming users
access internal resource via freebsd as IPsec gateway.
Because they have dynamic IPs. How can I write
security policy to deal with this? Is there any IPsec
client for windows platform available? Is it ok to let
ESP packet coming in and out from anywhere?

BTW: I am using pre-shared key for IKE. I have my CA
certificate generated by openssl installed on windows
2000. This CA certificate works fine for https and
s/mime. When I tried to use certificate to
authenticate IPSec client, windows 2000 ask me to
choose a trusted CA but my CA didn't appear in the
list. Is there any special requirement to generate
certificate for IPsec?

Thanks for your help,

Vincent Chen


__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message