From owner-freebsd-security@FreeBSD.ORG Wed Jan 25 17:56:31 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 476AB16A420 for ; Wed, 25 Jan 2006 17:56:31 +0000 (GMT) (envelope-from fgleiser@cactus.fi.uba.ar) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id A986443D7F for ; Wed, 25 Jan 2006 17:56:21 +0000 (GMT) (envelope-from fgleiser@cactus.fi.uba.ar) Received: from localhost (localhost [127.0.0.1]) by cactus.fi.uba.ar (8.13.4/8.13.4) with ESMTP id k0PHuYAt037035; Wed, 25 Jan 2006 14:56:34 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Wed, 25 Jan 2006 14:56:34 -0300 (ART) From: Fernando Gleiser To: Vaida Bogdan In-Reply-To: <12848a3b0601230055h12b7169uce7f1fbb2f0da8e6@mail.gmail.com> Message-ID: <20060125145213.A65853@cactus.fi.uba.ar> References: <12848a3b0601221142r2161c20ka6d128ecf5c299aa@mail.gmail.com> <43D3E694.9040902@aeternal.net> <12848a3b0601230055h12b7169uce7f1fbb2f0da8e6@mail.gmail.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Scanned-By: MIMEDefang 2.52 on 157.92.49.108 Cc: freebsd-security@freebsd.org Subject: Re: setting up vpn client on a freebsd workstation X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jan 2006 17:56:31 -0000 On Mon, 23 Jan 2006, Vaida Bogdan wrote: > I don't need openvpn, I need IPSEC (KAME). So none of the proposed > solutions work. > > I am the "FreeBSD Client" in the configuration so I can't change the > server vpn implementation. > Some basic questions: are your certificates self-signed? are your certificates and the linux ones signed by the same CA? you need to send your certificate and your CA's certificate to the linux admin so s?he can install them in the linux box. For the local config, look here: http://ezine.daemonnews.org/200502/ipsec.html Hope this helps Fer