Re: nat-t on fc2

["Michael H. Warfield" <mhw@xxxxxxxxxxxx>]

On Fri, Jun 25, 2004 at 06:37:05PM +0200, Salvatore Basso wrote:
> Hi and still thanks!

> - therefore I could install and use openswan but without to use pluto but Racoon, just? 

	No...  Either OpenSWAN or IPSec-tools.  If you try to split the
difference with some apps from each, all bets are off.  I doubt you will
get it to work and I don't think I would even try.

> - what you mean for "unadorned rsa keys" ? I use the usual system of key private/public, I can continue to use it with ipsec-tools ?

	Unadorned RSA keys meaning simple RSA keys which are NOT part of
X509 certs.

	If you've got something like this:

        rightrsasigkey=%cert
        rightcert=banshee.wittsend.com.crt

	Then you are using RSA keys from X509 certs.

	If you've got something like this:

        rightid=@xxxxxxxxxxxxxxxxxx
        rightrsasigkey=0sAQO9fle/px4mi6wb3D4v3wAwNvI1dxb/ZROEoJTnGbxYhfTSCucWB3GxczkVNKtpF0m5oWQ3k5qFUdCSWc8mpEGA2No5hyia6LNVJi7gvM5qye9K2wN3rxV7FaeWO30PWoHn8znZG0XJLAVpVvZsolLxZtUOrSfXnRha0JIrLRMryIiKqlJ3e6cT8Q8xMR/9fCWJAPuJFiDAINedQeYqO23nE23KhWL/SMTmB/3bVKh5RkTKACwA7y3Z1A0OrUo1vjUr/kKokHXfXvGC3BCC7yrnffJRo7qn6tpc80f/hfLS/loM+JUMhGlqlwThtUSwak4gpbUgE0KghkfaMWUEDvMTIxb06SrYkmbVorakXLDC3nnR

	Then you are using plain, simple, RSA keys.  If you want to use these
types of keys with Racoon, you have to use one of the snapshot tarballs from
the ipsec-tools site, ipsec-tools.sf.net.  You still can not mix pieces
from that and OpenSWAN on the same system.  They can talk to each other
on different systems, but you can't mix components on the same system.
Sorry if I wasn't clear about that.

>         Salvatore.

	Mike

> ----- Original Message ----- 
> From: "Michael H. Warfield" <mhw@xxxxxxxxxxxx>
> To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
> Sent: Friday, June 25, 2004 6:08 PM
> Subject: Re: nat-t on fc2
> 
> 
> > -- 
> > fedora-list mailing list
> > fedora-list@xxxxxxxxxx
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> > 
> ---
> [This E-mail scanned for viruses by Declude Virus]
> 
> 
> -- 
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> 
>  
>  ** ACCEPT: CRM114 PASS Markovian Matcher ** 
> CLASSIFY succeeds; success probability: 1.0000  pR: 165.8301
> Best match to file #0 (nonspam.css) prob: 1.0000  pR: 165.8301  
> Total features in input file: 7760
> #0 (nonspam.css): features: 3609777, hits: 3744954, prob: 1.00e+00, pR: 165.83 
> #1 (spam.css): features: 3562007, hits: 3961259, prob: 1.48e-166, pR: -165.83 
>  
> 

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@xxxxxxxxxxxx
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Attachment: pgpozPIGSfSNP.pgp
Description: PGP signature