I've been playing around with FreeS/WAN on a few of the Linux boxes I own or admin. I was amazed when I actually got a connection or two to work. I'm still having some problems, though, and I figured someone else has attacked the problem before.

First off is the big problem of NAT boxes. We have a wireless network, and a box firewalling it. Does anyone have a good idea of what has to be done to get IPSec going through it (from a NATed client to a host elsewhere with a real IP)? Is it just a few iptables rules, or more complicated than that?

Working along a different tack, I just installed FreeS/WAN on the firewall itself. It has a signed certificate from Thawte for the web sign-on page it uses, and I was wondering if it's possible to use that same cert for IPsec. If it's possible, do I have to extract information from the certificate somehow, or can I just point to it in a configuration file somewhere?

Lastly, I thought I'd give a quick micro-howto on getting FreeS/WAN installed (though not configured) on Debian. Here are the basic steps I've used:

    # Install these packages with apt-get
    freeswan
    kernel-package
    kernel-image-2.4.18-686    # use whatever version and arch you need
    kernel-source-2.4.18
    kernel-patch-freeswan

    cd /usr/src
    tar jxvf kernel-source-2.4.18.tar.bz2
    cd kernel-source-2.4.18
    cp /boot/config-2.4.18 .config
    export PATCH_THE_KERNEL=YES
    make-kpkg --append-to-version '-fs1' --config=menuconfig \
        --revision 20020620 --initrd binary-arch modules_image
    cd ..
    dpkg -i kernel-image-2.4.18-fs1_20020620_i386.deb

Make sure that LILO (or whatever bootloader you use) is happy, and reboot.

-- 
If it walks out of your refrigerator, LET IT GO!!
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
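A post-build sanity check for the micro-howto above, added here as an example and not part of Mike's post: if `PATCH_THE_KERNEL=YES` was not exported before `make-kpkg`, the package still builds and installs cleanly but contains no KLIPS, so IPsec silently fails at runtime. The option names (`CONFIG_IPSEC*`) and the `net/ipsec` directory are assumed to be those introduced by the FreeS/WAN 1.x kernel patch for 2.4 kernels.

```shell
#!/bin/sh
# Added example (not from the original post). Verifies that the FreeS/WAN
# (KLIPS) patch actually landed in the kernel tree and config used by make-kpkg.
# Assumption: the FreeS/WAN 1.x patch adds net/ipsec to the source tree and
# exposes the CONFIG_IPSEC* options checked below.

# Usage: klips_config_ok /usr/src/kernel-source-2.4.18/.config
# Returns 0 when every required KLIPS option is built in (y) or modular (m).
klips_config_ok() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    rc=0
    for opt in CONFIG_IPSEC CONFIG_IPSEC_ESP \
               CONFIG_IPSEC_AUTH_HMAC_MD5 CONFIG_IPSEC_ENC_3DES; do
        if grep -q "^${opt}=[ym]$" "$cfg"; then
            echo "ok      $opt"
        else
            echo "MISSING $opt (patch not applied or option left off)" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage: patched_tree_ok /usr/src/kernel-source-2.4.18
# A stock 2.4 tree has no net/ipsec; its absence means PATCH_THE_KERNEL never ran.
patched_tree_ok() {
    [ -d "$1/net/ipsec" ]
}

# Demo on a constructed .config (sample data, not a real build):
demo() {
    tmp=$(mktemp)
    printf 'CONFIG_NET=y\nCONFIG_IPSEC=y\nCONFIG_IPSEC_ESP=y\n' > "$tmp"
    printf 'CONFIG_IPSEC_AUTH_HMAC_MD5=y\nCONFIG_IPSEC_ENC_3DES=y\n' >> "$tmp"
    klips_config_ok "$tmp" && echo "config looks patched"
    rm -f "$tmp"
}

# Run the demo only when executed directly, not when sourced for the checks.
[ "${0##*/}" = "sh" ] || demo
```

Run `klips_config_ok .config` in the patched source tree after the `make-kpkg` step and before `dpkg -i`; a MISSING line means the image you are about to install has no IPsec.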