Date: Wed, 20 Mar 2002 06:03:53 -0800 (PST)
From: Vincent Chen
Subject: IPSec for roaming user?
To: net@FreeBSD.ORG
Message-ID: <20020320140353.19403.qmail@web20006.mail.yahoo.com>

Dear all,

I am trying to figure out how to let roaming users access internal resources via FreeBSD as an IPsec gateway. Because they have dynamic IPs, how can I write a security policy to deal with this? Is there any IPsec client for the Windows platform available? Is it OK to let ESP packets come in and out from anywhere?

BTW: I am using a pre-shared key for IKE. I have my CA certificate generated by openssl installed on Windows 2000. This CA certificate works fine for https and s/mime. When I tried to use a certificate to authenticate the IPsec client, Windows 2000 asked me to choose a trusted CA, but my CA didn't appear in the list. Is there any special requirement to generate a certificate for IPsec?

Thanks for your help,
Vincent Chen