From owner-freebsd-net Sun Jan 27 6:32:15 2002 Delivered-To: freebsd-net@freebsd.org Received: from daydreamer.dk (213.237.14.128.adsl.ho.worldonline.dk [213.237.14.128]) by hub.freebsd.org (Postfix) with SMTP id 00EC237B419 for ; Sun, 27 Jan 2002 06:32:11 -0800 (PST) Received: (qmail 8135 invoked from network); 27 Jan 2002 14:31:51 -0000 Received: from unknown (HELO dpws) (192.168.1.3) by 0 with SMTP; 27 Jan 2002 14:31:51 -0000 Message-ID: <006801c1a73f$ca34f110$0301a8c0@dpws> From: "Dennis Pedersen" To: References: <20020127182146.M18351-100000@localhost> Subject: Re: ipsec, racoon, win2000, certifications, how-to? Date: Sun, 27 Jan 2002 15:34:55 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Soren Dossing" To: Sent: Sunday, January 27, 2002 10:31 AM Subject: ipsec, racoon, win2000, certifications, how-to? > I have posted a similar question a few days ago on freebsd-questions > already but with no luck. > > I'm attempting to configure road-warrior win2000 laptops to access a ipsec > server at the office. Since these win2000 laptops are dynamically assigned > ip addresses, sometimes even behind nat, it seems like using > certifications is the only possible option. But I can find very little > documentation of how to do it. > > Does any of you know where to find documentation for how to create > certifications, where to place them, how to use them, and how to configure > ipsec, racoon and win2000 computers? > > I have attempted to use pre_shared keys, but it appear like they can only > be used with fixed IP addresses in the psk.txt file. Or am I wrong? Uhm, you can also use a email add and a password something@domain.com thekeything There are a bit about certificates in a kame newsletter, try looking on the site :) How did you solve the setkey setup if the ip adress is dynamic, do you have an example? /Dennis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message