IPSEC help

Board: FB_security | Time: 2007/11/15 19:42
Hi,

I am new to ipsec and trying to connect my bsd server with win 2000. I have succeeded in tunneling using a pre-shared key. But regarding certificates, I failed to get success. The following is the configuration:

racoon.conf

    path certificate "/usr/local/openssl/certs" ;

    # "log" specifies logging level. It is followed by either "notify", "debug"
    # or "debug2".
    log debug;

    remote anonymous
    {
            exchange_mode main,aggressive,base;
            #exchange_mode main,base;
            my_identifier asn1dn;
            peers_identifier asn1dn;
            certificate_type x509 "bsd.public" "bsd.priv" ;
            lifetime time 24 hour ; # sec,min,hour
            #initial_contact off ;
            #passive on ;

            # phase 1 proposal (for ISAKMP SA)
            proposal {
                    encryption_algorithm 3des;
                    hash_algorithm sha1;
                    authentication_method rsasig ;
                    dh_group 2 ;
            }

            # the configuration makes racoon (as a responder) to obey the
            # initiator's lifetime and PFS group proposal.
            # this makes testing so much easier.
            proposal_check obey;
    }

    # phase 2 proposal (for IPsec SA).
    # actual phase 2 proposal will obey the following items:
    # - kernel IPsec policy configuration (like "esp/transport//use)
    # - permutation of the crypto/hash/compression algorithms presented below
    sainfo anonymous
    {
            # pfs_group 2;
            lifetime time 12 hour ;
            encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
            authentication_algorithm hmac_sha1, hmac_md5 ;
            compression_algorithm deflate ;
    }

--------------------------END------------------------------------------------------------------

The certificates are created in bsd with the following commands:

    openssl req -new -nodes -newkey rsa:1024 -sha1 -days 1095 -keyout bsd.private -out request.pem
    openssl x509 -req -in request.pem -days 1095 -signkey bsd.private -out bsd.public
    openssl pkcs12 -export -inkey bsd.private -in bsd.public -out win.p12 -name "win cert"
    ln -s bsd.public `openssl x509 -noout -hash -in bsd.public`.0

I have used win.p12 in the windows 2000 prof. box for this process. Please, anyone, help me out to configure it.

Thank you,
Regards,
John

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
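
An added example, not part of the original post: a small Python check that the file names in racoon.conf's certificate_type statement are among the files the quoted openssl commands write. The function names are hypothetical, and the embedded strings are excerpts of the post's configuration and commands.

```python
import re
import shlex

# Excerpt of the racoon.conf quoted in the post (only the certificate lines).
RACOON_CONF = '''
path certificate "/usr/local/openssl/certs" ;
remote anonymous {
    #exchange_mode main,base;
    certificate_type x509 "bsd.public" "bsd.priv" ;
}
'''

# The openssl commands quoted in the post.
OPENSSL_COMMANDS = '''
openssl req -new -nodes -newkey rsa:1024 -sha1 -days 1095 -keyout bsd.private -out request.pem
openssl x509 -req -in request.pem -days 1095 -signkey bsd.private -out bsd.public
openssl pkcs12 -export -inkey bsd.private -in bsd.public -out win.p12 -name "win cert"
'''

def racoon_cert_refs(conf_text):
    """Return (certificate directory, certificate file, private key file)."""
    # racoon.conf comments run from '#' to the end of the line.
    body = "\n".join(line.split("#", 1)[0] for line in conf_text.splitlines())
    path = re.search(r'path\s+certificate\s+"([^"]+)"', body)
    cert = re.search(r'certificate_type\s+x509\s+"([^"]+)"\s+"([^"]+)"', body)
    if not cert:
        raise ValueError("no certificate_type x509 statement found")
    return (path.group(1) if path else None, cert.group(1), cert.group(2))

def openssl_outputs(commands):
    """Collect every file name passed to -keyout or -out."""
    produced = set()
    for line in commands.strip().splitlines():
        argv = shlex.split(line)
        for i, arg in enumerate(argv[:-1]):
            if arg in ("-keyout", "-out"):
                produced.add(argv[i + 1])
    return produced

def unresolved_refs(conf_text, commands):
    """Names used in certificate_type that no command above writes."""
    _, cert_file, key_file = racoon_cert_refs(conf_text)
    produced = openssl_outputs(commands)
    return [name for name in (cert_file, key_file) if name not in produced]

if __name__ == "__main__":
    print("certificate directory and files:", racoon_cert_refs(RACOON_CONF))
    print("referenced but never written:", unresolved_refs(RACOON_CONF, OPENSSL_COMMANDS))
```

On the post's inputs the check reports bsd.priv: the configuration names that file as the private key, while the commands write the key to bsd.private.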
Article code (AID): #17F32u00 (FB_security)