Re: Currently working with Cisco IOS and Linux VPN opened source software - If interested with (5716 Views)
Valued Contributor
Ph Vouters
Posts: 198
Registered: ‎10-29-2010
Message 1 of 4 (5,760 Views)

Currently working with Cisco IOS and Linux VPN opened source software - If interested with

Dear everyone,

I am currently working with Cisco IOS on one side and Linux VPN open source software. So far I have produced these documents which can be fully relied upon:

http://vouters.dyndns.org/tima/Linux-Libreswan-Shrew-Cisco-IOS-Creating_PKCS12_files_from_IOS_genera...

and

http://vouters.dyndns.org/tima/Linux-Libreswan-remote_peer_type_option.html

I am currently working with someone from Slovakia on this one:

http://vouters.dyndns.org/tima/Linux-Windows-Cisco-VPN-Cisco_may_abort_when_attempting_to_establish_...

My last attempt is to have Shrew VPN Client (which fails) feed the Cisco IOS end with certificate issuer information.

I can now state that ipsec-tools v0.8.0 (which succeeds) pays attention to the issuer information of the client certificate. A grep -i issuer on the ipsec-tools (aka racoon) sources shows lots of meaningful information.

When I shall prove that when paying attention to the issuer part of the certificate and feeding the Cisco IOS peer with the corresponding payload, then I will be able to turn all conditionals in my sentences to certainties and also be able to fill in the SOLUTION or RESPONSE section in the last URL.

Yours truly,

Philippe

Valued Contributor
Ph Vouters
Posts: 198
Registered: ‎10-29-2010
Message 2 of 4 (5,716 Views)

Re: Currently working with Cisco IOS and Linux VPN opened source software - If interested with

http://vouters.dyndns.org/tima/Linux-Windows-Cisco-VPN-Cisco_may_abort_when_attempting_to_establish_...

is almost complete. I just have to prove that under Cisco IOS Version 15 there is no problem with Mutual RSA + Main mode + XAuth combined with NAT-T v03 NAT-T negotiation.

Meanwhile I produced a new document involving Cisco IOS and Open PKI. The document is complete and can be viewed at http://vouters.dyndns.org/tima/Linux-Cisco-OpenCA-Authenticating_and_Enrolling_a_Cisco_IOS_trustpoin...

Yours truly,

Philippe

Valued Contributor
Ph Vouters
Posts: 198
Registered: ‎10-29-2010
Message 3 of 4 (5,684 Views)

Re: Currently working with Cisco IOS and Linux VPN opened source software - If interested with

This at http://vouters.dyndns.org/tima/Linux-Shrew-Cisco_IOS-Configuring_Cisco_IOS_to_setup_an_Internet_VPN.... involving Cisco IOS and Shrew VPN Client proved successful in establishing a true Internet VPN between Mexico City and France. The Cisco IOS router was in Mexico City. However a test remains to be made to check whether the 'key foobar' Cisco IOS statement can be suppressed. It appears it theoretically can.

Meanwhile I have been working on http://vouters.dyndns.org/tima/Linux-Cisco_IOS-Radius-OpenCA-Configuring_Linux_for_Cisco_IOS_AAA.htm... involving Cisco IOS and GNU Radius for Cisco IOS AAA configuration. The Cisco IOS router will be available again on December 27th at 10AM CST for one day. So this document has still to be worked on to make sure everything is indeed correct and fully matches the reality.

Valued Contributor
Ph Vouters
Posts: 198
Registered: ‎10-29-2010
Message 4 of 4 (5,675 Views)

Re: Currently working with Cisco IOS and Linux VPN opened source software - If interested with

We are on Saturday, Dec 28 2013 at 21:11PM. All the work on the mentioned URL links is fully complete and tested. A great thank you to Esteban Lopez working for Softel (http://www.softel.mx/) in Mexico City.

Yours truly,

Philippe Vouters (Fontainebleau/France)

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation