
IPSec: Windows XP <-> OpenBSD



Hello -

I'm looking to build an IPSec concentrator for remote connections.
Basically, here is the design.


   10.13.43.15     192.168.43.151   
     ------          ------
     | XP |          | XP |
     ------          ------
        |              |
        \              /
         \            /
          ------------
          | Internet |
          ------------
               ||
               ||
            --------
            | obsd |
            --------
         172.20.31.211
               ||
          ------------
          | Internal |
          |   'Net   |
          ------------  
           172.21.0.0



I've followed the instructions in the following document ...

  <www.cs.umd.edu/~mvanopst/xp2obsd.pdf>

but noticed a small problem. I don't understand where the 
second certificate (on page 3 in /etc/isakmpd/certs) for
heimdal.programming.ipseclabs.org comes from.

Does the BSD host need to have a certificate as well? Or is
the key-exchange done only from the Windows XP side?

Basically, I want to tunnel ALL traffic from the XP machines to
the obsd concentrator. That traffic that wants to go to 172.21.0.0
goes through the obsd machine, and traffic for 0/0 goes back out
the external interface of the obsd machine.

Any help is appreciated. I'm kinda stuck here on this key-exchange
bit :(

Thank you!