
Re: IPsec with a Linux road-warrior

by Thomas Menari

I finally got this working with Openswan and X.509 certificates.

On the OpenBSD side:
ipsec.conf:
ike passive esp from 86.134.74.32 to any

Linux/Openswan side:
ipsec.conf:
version 2
include /etc/ipsec.d/examples/no_oe.conf
conn work
        auto=add
        left=%defaultroute
        leftcert=roadwarrior.crt
        leftrsasigkey=%cert
        leftid=@ROADWARRIOR_FQDN
        right=SERVER_IP
        rightcert=server.crt
        rightrsasigkey=%cert
        rightid=@SERVER_FQDN
        forceencaps=yes
        ike=aes128-sha1-modp1024
        esp=aes128-sha1

This is working fine between 2 peers; I haven't tried multiple peers yet.

As for certificates, both hosts need the public keys and CA cert as
well as their own private key.

I am tempted to get this working with CAcert.org eventually.

Tom
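
Added example, not part of the original post: one way to produce the CA certificate and the two host certificates the post refers to (server.crt, roadwarrior.crt) with the openssl CLI, and to check them before copying them out. It assumes the FQDN IDs used for leftid/rightid are matched against each certificate's subjectAltName; the function names, CA subject, key size and lifetimes are illustrative choices.

```shell
#!/bin/sh
# Constructed example. Usage: make_pki ./pki SERVER_FQDN ROADWARRIOR_FQDN

# Create a self-signed CA plus one key/cert pair per peer in directory $1.
make_pki() {
    dir=$1 server_fqdn=$2 rw_fqdn=$3
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077                      # private keys readable by owner only
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
            -subj "/CN=Example IPsec CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        for pair in "server:$server_fqdn" "roadwarrior:$rw_fqdn"; do
            name=${pair%%:*} fqdn=${pair#*:}
            openssl req -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
                -keyout "$name.key" -out "$name.csr" 2>/dev/null || exit 1
            # The ID from ipsec.conf (without the leading @) goes in the SAN.
            printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$name.ext"
            openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
                -CAcreateserial -days 365 -sha256 -extfile "$name.ext" \
                -out "$name.crt" 2>/dev/null || exit 1
            rm -f "$name.csr" "$name.ext"
        done
    )
}

# Succeeds only if $2.crt chains to ca.crt and carries $3 as a DNS SAN.
check_cert() {
    dir=$1 name=$2 fqdn=$3
    openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1 \
        || return 1
    openssl x509 -in "$dir/$name.crt" -noout -text | grep -Fq "DNS:$fqdn"
}
```

Only ca.crt and the two .crt files go to both hosts; each .key stays on the host it belongs to, and ca.key goes to neither.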
