VPN problem...

Hewitt_Tech hewitt_tech at comcast.net
Thu Oct 1 18:50:06 EDT 2009


Ben Scott wrote:
> On Thu, Oct 1, 2009 at 5:50 PM, Hewitt_Tech <hewitt_tech at comcast.net> wrote:
>>>  Any idea what protocols the LinkSys is using?  IPsec?  IKE?  SSL/TLS?
>>>  X.509?
>> It's definitely using IKE.
> 
>   Okay, IPsec with IKE can use PSK or X.509 certificates.  Which one
> is your LinkSys using?
> 
>   If it's PSK (pre-shared keys, also called a "shared secret"), you
> have to enter the same password into both devices.  There will be no
> clock time element involved.  So that isn't the problem.  (I think.)
> 
>   If it's X.509 certificates, you either register the device with a
> Certificate Authority, or you exchange peer certificates between each
> device.  X.509 allows the time stuff.  So that *MAY* be the problem.
> 
>   If you want to pursue the certificate+time thing: Does the device
> have the option of letting you load your own certificate and key?  If
> so, you could use OpenSSL's CA support on a Linux box to generate
> certificates for each device, specifying a "Not Before" date of
> 1/1/1900 or whatever the device thinks the date is.
> 
>   One word of warning: If you haven't used the OpenSSL CA stuff
> already, it is extremely cryptic and very poorly documented.  Even by
> Linux standards.  It doesn't help that X.509 is a nightmare, too.  It
> will probably be cheaper to just buy a real VPN box than spend the
> time and effort in figuring it all out -- especially since we're not
> even sure that's the problem.
> 
> -- Ben
> 
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
> 

Thanks for the help guys. I fixed it by setting up the cable modem as I 
was describing. I changed the Linksys router to get its WAN address 
dynamically. I then re-configured the cable modem to create a DMZ which 
only has one computer (in this case the router). I changed the cable 
modem's DHCP lease to "forever" so that the IP address being used by the 
Linksys router wouldn't change. I then noticed that the WAN IP address 
was switched by the cable modem to what had previously been the gateway 
address (which was one off the original WAN IP address). So it's up and 
running despite the weirdness that the Linksys router was displaying.

-Alex
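Ben's point above is that an X.509 peer whose clock is far off will reject a certificate outside its "Not Before"/"Not After" window. The script below is an added example, not from this thread or either poster: it builds a throwaway demo CA and device certificate (all names are placeholders) and uses `openssl verify -attime` to evaluate the certificate against an arbitrary clock, which is a cheap way to confirm or rule out a clock-skew explanation before touching the VPN box. It assumes `openssl` (1.1.0 or newer) is on the PATH.

```shell
#!/bin/sh
# Added example: check whether a device certificate would validate under a
# peer clock that is wrong, using openssl's -attime instead of the host clock.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed demo CA and device certificate (placeholder names, not the
# thread's real devices); the device cert is valid from "now" for one year.
make_certs() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=demo-vpn-ca" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=demo-linksys" \
    -keyout "$WORK/dev.key" -out "$WORK/dev.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/dev.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -days 365 -sha256 -out "$WORK/dev.crt" >/dev/null 2>&1
}

# verify_at EPOCH_SECONDS -> prints "ok" or "fail".
# -attime makes openssl evaluate notBefore/notAfter against the given time,
# which is exactly what a peer with a misconfigured clock would see.
verify_at() {
  if openssl verify -attime "$1" -CAfile "$WORK/ca.crt" \
       "$WORK/dev.crt" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

make_certs
# Host clock: the certificate is inside its validity window.
echo "peer clock = now:        $(verify_at "$(date +%s)")"
# A peer stuck near the epoch (the "device thinks it is 1970" case):
# the certificate is not yet valid, so the handshake would be rejected.
echo "peer clock = 1970-01-02: $(verify_at 86400)"
```

If the second line prints `fail` while the first prints `ok`, the certificate itself is fine and the peer's clock (or its lack of NTP) is the thing to fix.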


