nat-t on fc2

Michael H. Warfield mhw at wittsend.com
Fri Jun 25 16:08:00 UTC 2004


On Fri, Jun 25, 2004 at 05:49:33PM +0200, Salvatore Basso wrote:
> Hi, and thanks for the very useful information you have given me. So, if I have understood correctly what you explained, I can use:

> - fc2 with kernel 2.6
> - ipsec-tools 0.3.3

> ipsec-tools includes Racoon, which replaces pluto, right?

	Correct.  There are actually two applications, setkey and racoon.
Setkey is used to manipulate the security policy database (SPD) while
Racoon is the IKE daemon.  This is one area where *SWAN is definitely
superior.  With *SWAN, you have one set of common configuration files.
With ipsec-tools, you have to manage the policy database and the IKE
configuration separately.  It's confusing at best when you are used to
*SWAN.

> So, in order to build the VPN with NAT-T support, I do not have to install openswan and I do not have to compile the kernel, right?

	Correct.

> I use 3des; are there problems with ipsec-tools/racoon?

	Not a problem.  With the exception of unadorned RSA keys, I think
you will find everything that is supported in OpenSWAN is supported in
Racoon, though maybe a bit differently.  The changes in configuration
definitely take some getting used to.

> Thanks again!!

> ----------
>         
>         Salvatore.

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
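
The split described in the reply above, shown as an added example that is not part of the original message: the policy database is loaded with setkey, while IKE (including NAT-T and 3DES) is configured separately in racoon.conf. All addresses are constructed documentation ranges, the file paths are assumptions, and NAT-T requires a racoon build with NAT-T support enabled.

```conf
# ---- /etc/setkey.conf (assumed path): SPD entries, loaded with `setkey -f` ----
flush;
spdflush;
# Local net 192.0.2.0/24 behind gateway 203.0.113.1,
# remote net 198.51.100.0/24 behind gateway 203.0.113.2 (constructed values).
spdadd 192.0.2.0/24 198.51.100.0/24 any -P out ipsec
    esp/tunnel/203.0.113.1-203.0.113.2/require;
spdadd 198.51.100.0/24 192.0.2.0/24 any -P in ipsec
    esp/tunnel/203.0.113.2-203.0.113.1/require;

# ---- /etc/racoon/racoon.conf (assumed path): IKE daemon configuration ----
path pre_shared_key "/etc/racoon/psk.txt";

listen {
    isakmp      203.0.113.1 [500];
    isakmp_natt 203.0.113.1 [4500];   # UDP-encapsulated IKE/ESP for NAT-T
}

remote 203.0.113.2 {
    exchange_mode main;
    nat_traversal on;                 # negotiate NAT-T when a NAT is detected
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Phase 2 parameters; the selectors must match the spdadd lines above,
# since racoon only negotiates SAs for policies already present in the SPD.
sainfo address 192.0.2.0/24 any address 198.51.100.0/24 any {
    pfs_group 2;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

The two files have to be kept consistent by hand: a tunnel endpoint or subnet changed in one and not the other leaves traffic matching a `require` policy with no SA negotiated for it.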