Slide 1

Quintessential Open Source Product

Base Product

X.509 Patch

NAT-Traversal Patch

Delete-Notify Patch

“Algo” Patch

SuperFreeS/WAN

Installation Preparation

Patching

Easier Way

Installation

Installation

Installation

X.509 Setup

What to do about CRLs?

Miscellaneous Vocabulary

How eroutes Work (I think)

Packet Flow From Network Client

Packet Flow To Network Client

Packet Flow From GNOC Client

Packet Flow From GNOC Client

eroute States and Descriptions

Manipulating Connections

Other ipsec auto Commands

Other ipsec auto Commands

Uses of ipsec auto

Other FreeS/WAN Utilities

Integrating FreeS/WAN and iptables

Integrating FreeS/WAN and iptables

Slide 31

/etc/ipsec.conf

/etc/ipsec.conf

/etc/ipsec.conf

config Parameters

config Parameters

config Parameters

config Parameters

config Parameters

config Parameters

config Parameters

config Parameters

conn Parameters

Typical conn Section

conn Parameters

conn Parameters

conn Parameters

conn Parameters

conn Parameters

Special RAS Conditions

NAT-T subnet Options

conn Parameters

conn Parameters

conn Parameters

conn Parameters

conn Parameters

conn Parameters

conn Parameters

conn Parameters

conn Parameters

conn Parameters

There's More!

Making It Real

A planB Example

Allowing DHCP-over-IPSec

RAS Connections

GNOC Connections

Lab