Date: Sun, 21 Jul 2002 23:37:06 +0200 From: lupe@lupe-christoph.de (Lupe Christoph) To: chris scott <chris.scott@uk.tiscali.com> Cc: John Howie <JHowie@msn.com>, admin@gbinetwork.com, freebsd-questions@freebsd.org, freebsd-security@freebsd.org Subject: Re: roaming ipsec policies and racoon Message-ID: <20020721213706.GE461@lupe-christoph.de> In-Reply-To: <001001c230e7$3f22f770$a4102c0a@viper> References: <DAEF28A9E7214B46AE7C7C66861F6308DF88@STKSRV1.securitytoolkit.com> <001001c230e7$3f22f770$a4102c0a@viper>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday, 2002-07-21 at 19:48:47 +0100, chris scott wrote: > thanks for all the advice, looks like a much bigger job than I inteneded 8( I found it a little more complicated than IP-based IPSec, but it gives you more flexibility. The biggest problem was when I screwed up with the srever DN. It took a while to find how you can get the Windows XP client to tell you what it dowsn't like. Typically Micro$oft. "Something went wrong, and as a Windows user we assume you're too stupid to understand what." Grrrr.... Racoon is quite decent, but badly documented. And when I last looked, it lacked CRL (Certificate Revocation List) support. And I needed that for my client, so I had to use FreeS/WAN. Rechecking CRL support, I found this URL: http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html It doesn't say if CRLs work, but it looks helpful for people wanting to do certificates. Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020721213706.GE461>