keeping people off... (not really related w/ original query)

Vic Berdin sndbeat at yahoo.com
Thu Feb 6 00:23:40 EST 2003


Hello Jim,

Just curious, can you clarify on this a bit?

"FreeS/WAN can't stand nonunique IP addresses on
clients, such as 192.168.0.1" 

See, I've been trying a VPN FSwan/WIN2K InterOp
wherein the internal ifc of my WIN2K becomes
192.168.0.1 as a result of WIN2K internet sharing. And
I've been trying, with no luck, to establish a
subnet-2-subnet tunnel between my Linux sub and this
WIN2K 192.168.0.0/24 sub.
Could this "non-unique" IP you mention be the cause of
my shortcomings?

TIA - Vic

=============================
I found FreeS/WAN for Linux (http://www.freeswan.org/) (IPSec, RFC 2401) to
be fairly tractable.  I'm using X.509 authentication of clients, which
needs a patch.  It helped that I already had the certificate authority set
up for another purpose.  But a big fly in the ointment is that FreeS/WAN
can't stand nonunique IP addresses on clients, such as 192.168.0.1, very
commonly assigned by commercial residential gateway products, nor does
ISAKMP work through NAT (as implemented by them).

So FreeS/WAN is fine for transmission on wireless from your laptop to your
home Linux router-server, or from the server to the terminus at work, or
both in series, but a single hop through a purchased NAT box isn't going to
happen.

I've mentioned this problem on the FreeS/WAN mailing list.  If you care

