On Mon, 2010-03-22 at 21:43 +0000, Timothy Murphy wrote: > Greg Woods wrote: > > > Related to the original topic, I use an ipsec-tools style VPN, and it > > recovers automatically on wakeup. > > I'm not sure what this means. > What did you do, exactly? To fully answer this question would be a major research project, since it has been an ongoing project for several years and I have never really documented everything I did. But basically it involves installing the ipsec-tools package, creating a racoon.conf file on each end, generating a cert for the server and client (and installing them on each side), and generating an appropriate config file for "setkey" to route traffic through the tunnel. Cert authentication can happen with no intervention, the tunnel is set up inside the kernel automatically. The racoon daemon is only for doing the session key negotiation (IKE). Complicating this has been dealing with one of the clients being behind a NAT box, the NAT box itself having a dynamic IP address, etc. But it works reliably and it comes up automatically on resume. You can start with the ipsec-tools home page at: http://ipsec-tools.sourceforge.net/ --Greg -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
