Date: Thu, 8 May 2003 07:26:37 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Michael Collette <metrol@metrol.net>
Cc: FreeBSD Security <freebsd-security@freebsd.org>
Subject: Re: VPN through BSD for Win2k, totally baffled
Message-ID: <20030508122637.GA97715@madman.celabo.org>
In-Reply-To: <200305071921.33596.metrol@metrol.net>
References: <200305071921.33596.metrol@metrol.net>

On Wed, May 07, 2003 at 07:21:33PM -0700, Michael Collette wrote:
> Scenario:
> FreeBSD box running IPFW acting as a gateway to private network.  The private
> network is made up of entirely routeable IP addresses.  External users
> running Win2k and XP on DSL connections with dynamic IPs.
[...]
> Where I totally lost it was on the FreeBSD setup.  The author is referring to
> certificates that he never described how they should be created.  I didn't
> know what in the heck to do here.
[...]

It's hard to tell from your message where you are getting lost, but
I'll give it a shot.

Assuming you have all your certificates (let's call them
client.crt/client.key, server.crt/server.key, and ca-local.crt):

(1) Add a `path certificate' directive to racoon.conf, e.g.

      path certificate "/usr/local/etc/racoon/cert" ;

(2) Create that directory

(3) Store your CA's certificate in that directory in PEM format, e.g.
    /usr/local/etc/racoon/cert/ca-local.pem.

(4) Create a symlink in that directory based on the CA cert's hash, e.g.

      cd /usr/local/etc/racoon/cert
      ln -s ca-local.pem `openssl x509 -noout -hash -in ca-local.pem`.0

Heh, I found some pages that might be useful to you while I was
Google'ing to double-check my openssl syntax:

  <URL: http://www.kame.net/newsletter/20001119b/ >
  <URL: http://www.onlamp.com/pub/a/bsd/2002/04/04/ipsec.html?page=2 >

Hope this helps,
-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
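
Steps (2) to (4) of the message above as a re-runnable script, followed by a check that a certificate actually chains to the CA through the hash symlink. This is an added example, not part of the original e-mail or of racoon; the function names, the throwaway CA and the "server.example" certificate are constructed for illustration, and it goes slightly beyond the message by handling a hash slot that is already taken.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; all paths are arguments.

# install_ca DIR CA_PEM: copy a PEM CA certificate into DIR and create the
# <subject-hash>.N symlink used for OpenSSL-style directory lookup.
install_ca() {
    dir=$1 ca=$2
    # Refuse input that does not parse as an X.509 certificate.
    h=$(openssl x509 -noout -hash -in "$ca" 2>/dev/null) || return 1
    mkdir -p "$dir" || return 1
    name=$(basename "$ca")
    cp "$ca" "$dir/$name" && chmod 644 "$dir/$name" || return 1
    # Different CAs can share a subject hash; lookup then tries .0, .1, ...
    n=0
    while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do
        # Slot already points at this file: nothing to do on a re-run.
        [ "$(readlink "$dir/$h.$n")" = "$name" ] && { echo "$h.$n"; return 0; }
        n=$((n + 1))
    done
    ln -s "$name" "$dir/$h.$n" && echo "$h.$n"
}

# check_cert DIR CERT: succeed only if CERT verifies against a CA that is
# found through DIR's hash links (a missing or wrong link makes this fail).
check_cert() {
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_sample DIR: constructed throwaway CA and leaf certificate, demo only.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca-local.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca-local.pem" \
        -CAkey "$1/ca.key" -CAcreateserial -days 1 \
        -out "$1/server.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_sample "$d" &&
    install_ca "$d/cert" "$d/ca-local.pem" &&
    check_cert "$d/cert" "$d/server.crt" && echo "server.crt verifies via $d/cert"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to exercise the whole sequence in a temporary directory; against a real setup, call `install_ca` with the directory named in the `path certificate` directive and then `check_cert` on the peer or server certificate.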