https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392879#M86664 I have Fedora core 2 on HP proliant DL360 with 2 Xeon 2.8Ghz, 2GB memory and 2 36G ultra 320 SCSI on RAID1 with one public IP on NIC1 and one private IP on NNIC2. I am trying to set up a VPN server(IPsec) that authenticates with Win2K AD. I tried with FreeSwan. Thay have a lot of stuff for 2.4 kernel but not much for 2.6 kernel. Didn't work by the way(I am sure I am doing something wrong. And I tried using open LDAP but it locks up fedora and takes a couple of hours to boot up so I ried using Winbind but does not work either.<BR />Do you have any reccomendations on how to configure the system I am trying to build?<BR />How I should modify configuration files and stuff? help!! Mon, 04 Oct 2004 12:42:46 GMT Jong Kim_1 2004-10-04T12:42:46Z https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392879#M86664 I have Fedora core 2 on HP proliant DL360 with 2 Xeon 2.8Ghz, 2GB memory and 2 36G ultra 320 SCSI on RAID1 with one public IP on NIC1 and one private IP on NNIC2. I am trying to set up a VPN server(IPsec) that authenticates with Win2K AD. I tried with FreeSwan. Thay have a lot of stuff for 2.4 kernel but not much for 2.6 kernel. Didn't work by the way(I am sure I am doing something wrong. And I tried using open LDAP but it locks up fedora and takes a couple of hours to boot up so I ried using Winbind but does not work either.<BR />Do you have any reccomendations on how to configure the system I am trying to build?<BR />How I should modify configuration files and stuff? help!! Mon, 04 Oct 2004 12:42:46 GMT https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392879#M86664 Jong Kim_1 2004-10-04T12:42:46Z https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392880#M86665 Use the Fedora box to forward VPN ports to the internal Windows VPN box.<BR /><BR />If the box runs Windows 2003 Server you will need to find a way to get a certificate from that box to your clients.<BR /><BR />If you are interested in a iptables port forward setup, I can provide configuration files.<BR /><BR />The basic setup is in my itrc profile the Linux VPN questions of June-July 2004.<BR /><BR />SEP Tue, 05 Oct 2004 11:21:31 GMT https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392880#M86665 Steven E. Protter 2004-10-05T11:21:31Z https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392881#M86666 Thank you.<BR />I am so very interested in iptable file. Funny thing is that we don't have VPN server. We have Cisco router acting as VPN server and permitted users are hard coded in there. So I was wondering if fedora can authenticate users by reading user info from Windows AD. Our DC's are Win2K adv. servers. And cisco router is doing PPTP. not much encryption there. Tue, 05 Oct 2004 11:39:00 GMT https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392881#M86666 Jong Kim_1 2004-10-05T11:39:00Z https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392882#M86667 I was not personally satisfied with the available Linux VPN solutions. Windows 2000 Advanced Server and Windows 2003 Server both have built in VPN server setups.<BR /><BR />You will need to install the Certificate serveron 2003 and set up and deliver a certificate to all clients to make that setup work.<BR /><BR />Here is the forwarding code.<BR /><BR /><A href="http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=624078" target="_blank">http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=624078</A><BR /><BR />Here is a lot of relavent information on the Microsoft issues:<BR /><A href="http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=624076" target="_blank">http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=624076</A><BR /><BR />SEP Tue, 05 Oct 2004 11:49:55 GMT https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392882#M86667 Steven E. Protter 2004-10-05T11:49:55Z https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392883#M86668 Thank you so much SEP.<BR />I understand it a lot better now. Tue, 05 Oct 2004 11:54:06 GMT https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392883#M86668 Jong Kim_1 2004-10-05T11:54:06Z https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392884#M86669 Have a look at openvpn (openvpn.sourceforge.net). IPSec is overly complicated and the built in VPN stuff in MS is horrible. I believe this can authenticate to AD, however I haven't ever used this. Sat, 01 Jan 2005 09:31:02 GMT https://community.hpe.com/t5/operating-system-linux/ipsec-vpn-with-windows-ad-authentication/m-p/3392884#M86669 Steven Coutts_1 2005-01-01T09:31:02Z