HPE Community
Operating System - Linux
1819791 Members
3103 Online
109607 Solutions
New Discussion юеВ

Re: Currently working with Cisco IOS and Linux VPN opened source software - If interested with

 
Ph Vouters
Valued Contributor

тАО10-10-2013 12:49 PM

тАО10-10-2013 12:49 PM

Currently working with Cisco IOS and Linux VPN opened source software - If interested with

Dear everyone,

 

I am currently working with Cisco IOS on one one side and Linux VPN opened source software. So far I have produced these documents which can be fully relied upon:

http://vouters.dyndns.org/tima/Linux-Libreswan-Shrew-Cisco-IOS-Creating_PKCS12_files_from_IOS_generated_private_key.html

and

http://vouters.dyndns.org/tima/Linux-Libreswan-remote_peer_type_option.html

 

I am currently working with someone from Slovakia onto this one:

http://vouters.dyndns.org/tima/Linux-Windows-Cisco-VPN-Cisco_may_abort_when_attempting_to_establish_a_VPN.html

 

My last attempt is to have Shrew VPN Client (which fails) to feed the Cisco IOS end with a certificate issuer information.

 

I can now state that the ipsec-tools v0.8.0 (which succeeds) pay attention onto the issuer information of the client certificate.  A grep -i issuer onto ipsec-tools (aka racoon) sources shows lots of meaningful information.

 

When I shall prove that when paying attention onto the issuer part of the certificate and feeding te Cisco IOS peer with the corresponding payload, then I will be able to turn all conditionals in my sentences to certainties and also be able to fill in the SOLUTION or RESPONSE section in the last URL.

 

Yours truly,

Philippe

0 Kudos
Reply
3 REPLIES 3
Ph Vouters
Valued Contributor

тАО11-04-2013 09:15 AM

тАО11-04-2013 09:15 AM

Re: Currently working with Cisco IOS and Linux VPN opened source software - If interested with

http://vouters.dyndns.org/tima/Linux-Windows-Cisco-VPN-Cisco_may_abort_when_attempting_to_establish_a_VPN.html

is almost complete. I have just to prove that under Cisco IOS Version 15 that there is no problem with Mutual RSA + Main mode + XAuth combined with NAT-T v03 NAT-T negiotiation.

 

Meanwhile I produced a new document involving Cisco IOS and Open PKI. The document is complete and can be viewed at http://vouters.dyndns.org/tima/Linux-Cisco-OpenCA-Authenticating_and_Enrolling_a_Cisco_IOS_trustpoint.html

 

Yours truly,

Philippe

0 Kudos
Reply
Ph Vouters
Valued Contributor

тАО12-21-2013 05:01 AM

тАО12-21-2013 05:01 AM

Re: Currently working with Cisco IOS and Linux VPN opened source software - If interested with

This at http://vouters.dyndns.org/tima/Linux-Shrew-Cisco_IOS-Configuring_Cisco_IOS_to_setup_an_Internet_VPN.html involving Cisco IOS and Shrew VPN Client proved successful to establish a true Internet VPN between Mexico city and France. The Cisco IOS router was in Mexico city. However a test remains to be made to check whether the 'key foobar' Cisco IOS statement can be suppressed. It appears it theoretically can.

 

Meanwhile I have been working on http://vouters.dyndns.org/tima/Linux-Cisco_IOS-Radius-OpenCA-Configuring_Linux_for_Cisco_IOS_AAA.html involving Cisco IOS ad GNU Radius for Cisco IOS AAA configuration. The Cisco IOS router will be again avaible on DEcember 27th at 10AM CST for one day. So this  document has still to be worked on to make sure everything is indeed correct and fully matches the reality.

0 Kudos
Reply
Ph Vouters
Valued Contributor

тАО12-28-2013 12:16 PM

тАО12-28-2013 12:16 PM

Re: Currently working with Cisco IOS and Linux VPN opened source software - If interested with

We are on Staurday, Dec 28 2013 at 21:11PM. All the work on the mentionned URL links is fully complete and tested. A great thank you to Esteban Lopez working for Softel ( http://www.softel.mx/) in Mexico city.

Yours truly,

Philippe Vouters (Fontainebleau/France)

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.