Diffstat (limited to 'src/racoon/samples/roadwarrior/README')
-rw-r--r-- | src/racoon/samples/roadwarrior/README | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/src/racoon/samples/roadwarrior/README b/src/racoon/samples/roadwarrior/README deleted file mode 100644 index aac9d43..0000000 --- a/src/racoon/samples/roadwarrior/README +++ /dev/null 
@@ -1,67 +0,0 @@ -This directory contains sample configurations files used for roadwarrior -remote access using hybrid authentication. In this setup, the VPN -gateway authenticates to the client using a certificate, and the client -authenticates to the VPN gateway using a login and a password. - -Moreover, this setup makes use of ISAKMP mode config to autoconfigure -the client. After a successful login, the client will receive an -internal address, netmask and DNS from the VPN gateway. - - -Server setups -============= -The server setups need racoon built with the following options: -configure --enable-natt --enable-frag --enable-hybrid --enable-dpd \ - --with-libradius --sysconfdir=/etc/racoon - -The first server setup, in server/racoon.conf, is for a VPN gateway -using authentication against the system password database, and using -a locally configured pool of addresses. - -The second setup, server/racoon.conf-radius, uses a RADIUS server for -authentication, IP allocation and accounting. The address and secret -to be used for the RADIUS server are configured in /etc/radius.conf, -see radius.conf(5). - -Both configurations can be used with the Cisco VPN client if it -is set up to use hybrid authentication (aka mutual group authentication, -available in Cisco VPN client version 4.0.5 and above). The group -password configured in the Cisco VPN client is not used by racoon. 
- -After you have installed /etc/racoon/racoon.conf, you will also have -to install a server certificate and key in /etc/openssl/certs/server.crt -and /etc/openssl/certs/server.key - - -Client setup -============ -The client setup needs racoon built with the following options: -configure --enable-natt --enable-frag --enable-hybrid --enable-dpd \ - --enable-adminport --sysconfdir=/etc/racoon --localstatedir=/var - -You need to copy client/racoon.conf, client/phase1-up.sh and -client/phase1-down.sh to /etc/racoon, and you need to copy the -certificate authority that signed the VPN gateway certificate in -/etc/openssl/certs/root-ca.crt - -Once this is done, you can run racoon, and then you can start -the VPN using racoonctl: -racoonctl vc -u username vpn-gateway.example.net - -Where username is your login, and vpn-gateway.example.net is -the DNS or IP address of the VPN gateway. racoonctl will prompt -you for the password. - -The password can be stored in the psk.txt file. In that situation, -add this directive to the remote section of racoon.conf: - xauth_login "username"; -where username is your login. - -Note that for now there is no feedback in racoonctl if the authentication -fails. Peek at the racoon logs to discover what goes wrong. - -In order to disconnect from the VPN, do this: -racoonctl vd vpn-gateway.example.net - -This configuration should be compatible with the Cisco VPN 3000 using -hybrid authentication, though this has not been tested. |
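Review bot: the hunk deletes the README outright, and with it the only written record of what the roadwarrior samples need: the configure flags for the server (--enable-hybrid, --with-libradius) and client (--enable-adminport) builds, the expected certificate locations (/etc/openssl/certs/server.crt, server.key, root-ca.crt), the /etc/radius.conf dependency for the RADIUS variant, and the racoonctl vc / vd usage. Nothing in the diff shows this content landing elsewhere, so either move the README along with the sample files or fold its contents into comments in the sample racoon.conf files, and say in the commit where it went. Two removed lines are worth preserving somewhere in particular because they are the operational caveats an administrator would otherwise only learn the hard way: "Note that for now there is no feedback in racoonctl if the authentication fails. Peek at the racoon logs", and the note that storing the password in psk.txt together with `xauth_login "username";` is what makes an unattended client work, which also tells the reader that psk.txt then holds a login credential and must be protected accordingly.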