Hello.
I have had a VPN solution running on both debian and Redhat
installations for a short while now. I am connecting to an FVL328
Netgear VPN enabled firewall and using super-freeswan PSK. I now have to
install a solution on a SUSE box. I thought "no problem". I have been
struggling with this for a week now. The kernel sources distributed with
SUSE apparently already have some IPSEC stuff patched in. I tried
getting the kernel sources from the SUSE web-site and working with them
on my Redhat machine. I then installed SUSE on a partition on my machine
and have tried a number of things from installing an unpatched 2.4.26
kernel to a partially patched version from SUSE. Does anyone have a
suggestion on which version to go with for the SUSE client? I need to
stick with PSK aggressive mode for now.
I would eventually like to get a Certificate Authority solution
working and I have run some tests on the Netgear router. If I tell the
router to identify the client by domain name it doesn't seem to be able
to match this. The Netgear client for windows and the router itself
generate certificate requests with a Domain name in them. Using openssl
I can add a domain name with I generate the certificate but they still
can't match. Another option is to use the distinguished name. I can
input this into the router but only in "DER ASN.1" format. Does anyone
know how to extract the distinguished name in DER ASN.1 format?

Thanks,

JimT

[ Post a follow-up to this message ]

I found the solution to the SUSE problem. I'm using the sources from
kernel.org and adding any patches (NTFS) that I need for SUSE.
JimT
Jim wrote:
> Hello.
> I have had a VPN solution running on both debian and Redhat
> installations for a short while now. I am connecting to an FVL328
> Netgear VPN enabled firewall and using super-freeswan PSK. I now have to
> install a solution on a SUSE box. I thought "no problem". I have been
> struggling with this for a week now. The kernel sources distributed with
> SUSE apparently already have some IPSEC stuff patched in. I tried
> getting the kernel sources from the SUSE web-site and working with them
> on my Redhat machine. I then installed SUSE on a partition on my machine
> and have tried a number of things from installing an unpatched 2.4.26
> kernel to a partially patched version from SUSE. Does anyone have a
> suggestion on which version to go with for the SUSE client? I need to
> stick with PSK aggressive mode for now.
>   I would eventually like to get a Certificate Authority solution
> working and I have run some tests on the Netgear router. If I tell the
> router to identify the client by domain name it doesn't seem to be able
> to match this. The Netgear client for windows and the router itself
> generate certificate requests with a Domain name in them. Using openssl
> I can add a domain name with I generate the certificate but they still
> can't match. Another option is to use the distinguished name. I can
> input this into the router but only in "DER ASN.1" format. Does anyone
> know how to extract the distinguished name in DER ASN.1 format?
>
> Thanks,
>
> JimT

[ Post a follow-up to this message ]