[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSH Sentinel Client help please
- To: "Rafael Coninck Teigao" <rafael@SafeCore.NET>
- Subject: Re: SSH Sentinel Client help please
- From: "Robert Schwartz" <robert@newdigitalparadigm.com>
- Date: Fri, 15 Mar 2002 13:33:33 -0800
- Cc: <misc@openbsd.org>
- content-class: urn:content-classes:message
- Thread-Index: AcHMR7Lvl3RhBqsaSU+ArYdpKCGgqgAH/raQ
- Thread-Topic: SSH Sentinel Client help please
Thanks very much. I don't know exactly where I went wrong, but when I
went through these it worked the first time after I re-installed. The
beta works fine, and it installs on Windows XP (test clients were
Windows XP with the beta and Windows 2000 with the released version).
> -----Original Message-----
> From: Rafael Coninck Teigao [mailto:rafael@SafeCore.NET]
> Sent: Friday, March 15, 2002 9:26 AM
> To: Robert Schwartz
> Cc: misc@openbsd.org
> Subject: Re: SSH Sentinel Client help please
>
> Robert Schwartz wrote:
>
> > 1) I'm using the beta (1.3). Is this the right version to
concentrate
> > on or is the 1.2 release a better client (Client OS are Windows 2000
and
> > Windows XP)
> >
>
> I've tested with 1.2.3, but I'll give 1.3 a shot today.
>
> > 2) I've configured my server per Rafael Coninck Teigao's post and
set up
> > the client to use a pre-shared secret:
> > The policy file is a cut and paste off Rafael's email. When I try
to
> > connect I establish an SA, I can ping the inside interface of the
> > bastion host, but I cannot ping hosts on the network etc.
> >
> > There is an option for virtual IP address, when I tweak with those
> > settings I get an error about an INVALID_COOKIE. Searching for that
> > error string through all the usual sources lead to some discussion
about
> > upgrading to current. I was on a stable branch from last week, but
I
> > upgraded to current and still get this issue.
>
> I'm sending attached my .jpg's showing the configuration I used on
> Sentinel (from install, forward). I must say that it wasn't required
to
> use
> proxy arp on the gateway.
>
> > 3) Has anyone implemented this with certificates yet?
>
> Couldn't make it work yet, but didn't tried too hard either, so...
>
>
> []'s,
> Rafael Coninck Teigao
> VP
> SafeCore Network Solutions
> http://SafeCore.NET
> +55 41 224 1785
>
>
> --
>
------------------------------------------------------------------------
--
> -----
> People should focus on the SOLUTION, not on the problem.
>
------------------------------------------------------------------------
--
> -----