From: "Terry"
Subject: RE: isakmpd for freebsd howto
Date: Mon, 17 Sep 2001 10:45:02 +0100
List: freebsd-security@freebsd.org

after some investigation it turns out that dynamic ip end-points are not
compatible with racoon at all.

so i'm going to try isakmpd (ported package isakmpd-20010403.tgz for
freebsd 4.2-rel)

the binaries seem to work ok, conf files read in ok... but then nothing
(!)...

anyone know of any how-tos? setting up gif tunnels required?

ideas / comments welcome.

t

---------------------------------------

On Fri, 14 Sep 2001, Terry wrote:
>
> I can get a FreeBSD IPSEC VPN (tunnel mode) going ... (setting up
> gif0, routing etc etc)...
>
> and I can JUST ABOUT do a FreeBSD<->win2k ipsec transport mode
> going...
>
> i want to be able to have mobile win2k laptops join the static ipsec
> vpn... i guess they use transport mode?
>
> anyway, documentation is scarce (i've spent a week reading stuff from
> the bsd, ipsec sites, mailing and news archives... no luck)... the
> scope IS THERE ... the racoon config file format does allow connection
> specific SA's to be generated:
>
> remote anonymous {...} (anyone)
> sainfo anonymous {...} (again, anyone)
>
> remote address 1.2.3.4 (extra ones?)
> sainfo address 1.2.3.4 (extra ones?)
>
> has anyone done this?
> i'm using freebsd 4.3-release, will use 4.4-release when it's out...
>
> any help/ideas welcome

--
Information in this electronic mail message is confidential
and may be legally privileged. It is intended solely for
the addressee. Access to this message by anyone else is
unauthorised. If you are not the intended recipient any
use, disclosure, copying or distribution of this message is
prohibited and may be unlawful. When addressed to our
customers, any information contained in this message is
subject to Intelligent Network Technology Ltd Terms & Conditions.
--