VPN through BSD for Win2k, totally baffled
Jacques A. Vidrine
nectar at FreeBSD.org
Thu May 8 05:26:39 PDT 2003
On Wed, May 07, 2003 at 07:21:33PM -0700, Michael Collette wrote:
> Scenario:
> FreeBSD box running IPFW acting as a gateway to private network. The private
> network is made up of entirely routeable IP addresses. External users
> running Win2k and XP on DSL connections with dynamic IPs.
[...]
> Where I totally lost it was on the FreeBSD setup. The author is referring to
> certificates that he never described how they should be created. I didn't
> know what in the heck to do here.
[...]
It's hard to tell from your message where you are getting lost, but I'll
give it a shot. Assuming you have all your certificates (let's call
them client.crt/client.key, server.crt/server.key, and ca-local.crt):
(1) Add a `path certificate' directive to racoon.conf, e.g.
path certificate "/usr/local/etc/racoon/cert" ;
(2) Create that directory
(3) Store your CA's certificate in that directory in PEM format, e.g.
/usr/local/etc/racoon/cert/ca-local.pem.
(4) Create a symlink in that directory based on the CA cert's hash,
e.g.
cd /usr/local/etc/racoon/cert
ln -s ca-local.pem `openssl x509 -noout -hash -in ca-local.pem`.0
Heh, I found some pages that might be useful to you while I was Google'ing
to double-check my openssl syntax:
<URL: http://www.kame.net/newsletter/20001119b/ >
<URL: http://www.onlamp.com/pub/a/bsd/2002/04/04/ipsec.html?page=2 >
Hope this helps,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
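Steps (3) and (4) of the reply above, carried out as a script. This is an added example, not code from the thread or from the racoon project; the directory and file names are assumptions chosen for the example. It copies the CA certificate into the hash directory, creates the `<hash>.N` symlink that OpenSSL (and therefore racoon's `path certificate` lookup) expects, picks the next free suffix instead of overwriting a link for a CA that happens to share the hash, and finishes with `openssl verify -CApath` as a check that the directory is usable. Note that the `-hash` flag in the original message is what current OpenSSL calls `-subject_hash`; OpenSSL 1.0.0 changed the hash algorithm, so a racoon linked against an older OpenSSL would need the value from `-subject_hash_old` instead.

```shell
#!/bin/sh
# Added example (not from the original thread): install a CA certificate into a
# racoon/OpenSSL "hash directory" and verify that the lookup works.
# Directory and file names are assumptions chosen for this example.
set -eu

# Copy a PEM CA certificate into CERT_DIR and create the <hash>.N symlink that
# OpenSSL uses to find it. Prints the path of the symlink it created.
install_ca_cert() {
    pem="$1"
    cert_dir="$2"
    mkdir -p "$cert_dir"
    base=$(basename "$pem")
    cp "$pem" "$cert_dir/$base"
    # -subject_hash is what the 2003 message spells as -hash; OpenSSL 1.0.0
    # changed the algorithm, so racoon linked against an older OpenSSL would
    # need -subject_hash_old here instead.
    hash=$(openssl x509 -noout -subject_hash -in "$pem")
    # OpenSSL probes <hash>.0, <hash>.1, ... in turn, so take the first free
    # suffix rather than clobbering another CA with the same hash.
    n=0
    while [ -e "$cert_dir/$hash.$n" ]; do
        n=$((n + 1))
    done
    ln -s "$base" "$cert_dir/$hash.$n"
    printf '%s\n' "$cert_dir/$hash.$n"
}

# Return 0 if OpenSSL can find the CA through the hash directory, which is the
# same lookup racoon performs when it validates a peer's certificate.
check_ca_dir() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# Constructed test fixture: a throwaway self-signed CA, valid for one day.
make_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=Example Local CA" -days 1 >/dev/null 2>&1
}
```

Usage on a real system would be `install_ca_cert /path/to/ca-local.pem /usr/local/etc/racoon/cert` followed by `check_ca_dir /path/to/ca-local.pem /usr/local/etc/racoon/cert`; if the check fails after racoon is built against a different OpenSSL than the one used here, recompute the link name with `-subject_hash_old`.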