nat-t on fc2

Michael H. Warfield mhw at wittsend.com
Fri Jun 25 16:46:43 UTC 2004 

On Fri, Jun 25, 2004 at 06:37:05PM +0200, Salvatore Basso wrote:
> Hi and still thanks!

> - therefore I could install and use openswan but without to use pluto but Racoon, just? 

	No...  Either OpenSWAN or IPSec-tools.  If you try to split the
difference with some apps from each, all bets are off.  I doubt you will
get it to work and I don't think I would even try.

> - what you mean for "unadorned rsa keys" ? I use the usual system of key private/public, I can continue to use it with ipsec-tools ?

	Unadorned RSA keys meaning simple RSA keys which are NOT part of
X509 certs.

	If you've got something like this:

        rightrsasigkey=%cert
        rightcert=banshee.wittsend.com.crt

	Then you are using RSA keys from X509 certs.

	If you've got something like this:

        rightid=@remus.wittsend.com
        rightrsasigkey=0sAQO9fle/px4mi6wb3D4v3wAwNvI1dxb/ZROEoJTnGbxYhfTSCucWB3GxczkVNKtpF0m5oWQ3k5qFUdCSWc8mpEGA2No5hyia6LNVJi7gvM5qye9K2wN3rxV7FaeWO30PWoHn8znZG0XJLAVpVvZsolLxZtUOrSfXnRha0JIrLRMryIiKqlJ3e6cT8Q8xMR/9fCWJAPuJFiDAINedQeYqO23nE23KhWL/SMTmB/3bVKh5RkTKACwA7y3Z1A0OrUo1vjUr/kKokHXfXvGC3BCC7yrnffJRo7qn6tpc80f/hfLS/loM+JUMhGlqlwThtUSwak4gpbUgE0KghkfaMWUEDvMTIxb06SrYkmbVorakXLDC3nnR

	Then you are using plain, simple, RSA keys.  If you want to use these
types of keys with Racoon, you have to use one of the snapshot tarballs from
the ipsec-tools site, ipsec-tools.sf.net.  You still can not mix pieces
from that and OpenSWAN on the same system.  They can talk to each other
on different systems, but you can't mix components on the same system.
Sorry if I wasn't clear about that.

>         Salvatore.

	Mike

> ----- Original Message ----- 
> From: "Michael H. Warfield" <mhw at wittsend.com>
> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> Sent: Friday, June 25, 2004 6:08 PM
> Subject: Re: nat-t on fc2
> 
> 
> > -- 
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> > 
> ---
> [This E-mail scanned for viruses by Declude Virus]
> 
> 
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> 
>  
>  ** ACCEPT: CRM114 PASS Markovian Matcher ** 
> CLASSIFY succeeds; success probability: 1.0000  pR: 165.8301
> Best match to file #0 (nonspam.css) prob: 1.0000  pR: 165.8301  
> Total features in input file: 7760
> #0 (nonspam.css): features: 3609777, hits: 3744954, prob: 1.00e+00, pR: 165.83 
> #1 (spam.css): features: 3562007, hits: 3961259, prob: 1.48e-166, pR: -165.83 
>  
> 

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040625/f0e33670/attachment-0001.sig>

More information about the fedora-list mailing list