Date: Tue, 01 Dec 2009 01:25:55 +0300 From: Oleg Baranov <ol@csa.ru> To: Andrea Venturoli <ml@netfence.it> Cc: freebsd-net@freebsd.org Subject: Re: Connecting to a WatchGuard box Message-ID: <4B144673.9000403@csa.ru> In-Reply-To: <4B143C6E.3030609@netfence.it> References: <4B143C6E.3030609@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi!
I've been working with Watchguard 8.3 & 9.0 for some time.
In general it was fine but we've suffered connection recovery problems
after ISP blackouts from time to time.
Here is my section of racoon.conf
remote a.b.c.d
{
exchange_mode main;
lifetime time 8 hour ; # sec,min,hour
my_identifier fqdn "my.dom.ain";
peers_identifier fqdn "watchguard.fw.dn";
initial_contact on;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
}
proposal_check obey;
}
Setkey and PSK file records are standard as well as gif interfaces setup.
On Watchguard it was Branch Office Gateway and tunnel set up accordingly
to the parameters above...
Andrea Venturoli wrote:
> Hello.
> A customer of mine was connecting to a remote WatchGuard box through
> their Mobile VPN client.
> Now I'd like the server to take over that and le the whole network
> connect.
>
> Did anyone ever succeded in this? Is it possible?
> Should be IPSEC, but anyone has an how-to?
>
> bye & Thanks
> av.
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B144673.9000403>