
[Users] Securing a wireless network

From: Klaus Reimer <k(at)ailis.de>
Date: Sun Feb 15 2004 - 09:05:49 EST


Hello,

I find a lot of example configurations for how to do IPSEC tunnels through the internet and I have already used FreeS/WAN for this purpose a lot. But this time I need a different configuration because I want to secure a WLAN. There are also a lot of howtos on the internet regarding this issue but they all only describe how to encrypt data which is transmitted between a workstation and the Internet gateway. This is not enough for me. I ALSO want a workstation to be able to communicate securely with other workstations on the same WLAN. With Windows 2000 it seems to be pretty easy, just add a Security Policy which REQUIRES Security with X.509 certificates. No tunnels need to be specified. After enabling this Policy the Windows machines can communicate with each other over IPSEC as long as they all have valid certs under the same CA.

But how can I do this with freeswan? I can do something like this to connect to ONE Windows machine (I am 192.168.30.206, Windows is 192.168.30.207):

conn wlan
    type=transport
    left=192.168.30.206
    leftcert=mycert.pem
    right=192.168.30.207
    authby=rsasig
    rightrsasigkey=%cert
    auto=route

The IPSEC connection is automatically initiated by freeswan if I ping the Windows machine. If I do it from the Windows machine the connection is initiated by Windows. So it's working perfectly.

But I don't want to add such rules for EACH computer on the wireless network. What can I do to simplify this on the Linux machines? It would be nice if it were possible to do something like this:

    left=192.168.30.206
    right=192.168.30.0/24

But it's not possible to specify a subnet and %any is also not working with "auto=route". Is there another solution which may be helpful?

-- 
Bye, K <http://www.ailis.de/~k/> (FidoNet: 2:240/2188.18)
[A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
(Finger k@ailis.de to get public key)
_______________________________________________
FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
Received on Sun Feb 15 09:11:30 2004
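
Added example, not part of the original message and not code from the poster or the FreeS/WAN project: since the post reports that neither a subnet nor %any is accepted for right= together with auto=route, one workaround that stays within the parameters shown in the post is to generate the per-peer sections instead of writing them by hand. The function name, the wlan-<address> section naming and the exclude parameter are assumptions made for this illustration, as is the premise that the local FreeS/WAN setup copes with one routed connection per host in the subnet.

```python
import ipaddress

# Per-peer section. Every parameter comes from the "conn wlan" block in the
# post; only the section name and the right= address vary.
TEMPLATE = """conn {name}
    type=transport
    left={left}
    leftcert={cert}
    right={right}
    authby=rsasig
    rightrsasigkey=%cert
    auto=route
"""


def peer_conns(local_ip, subnet, cert="mycert.pem", exclude=()):
    """Return ipsec.conf text with one transport-mode conn per host in subnet.

    local_ip is this machine (left=). Addresses listed in exclude (for
    example a gateway reached through a separate tunnel conn) and the local
    address itself get no section. Hypothetical helper, not a FreeS/WAN tool.
    """
    local = ipaddress.ip_address(local_ip)
    net = ipaddress.ip_network(subnet)
    if local not in net:
        # A transport-mode peer list only makes sense for our own segment.
        raise ValueError(f"{local} is not inside {net}")
    skip = {local} | {ipaddress.ip_address(a) for a in exclude}
    sections = []
    for host in net.hosts():  # hosts() omits network and broadcast addresses
        if host in skip:
            continue
        # Section names must be unique; derive them from the peer address.
        name = "wlan-" + str(host).replace(".", "-")
        sections.append(
            TEMPLATE.format(name=name, left=local, cert=cert, right=host)
        )
    return "\n".join(sections)


if __name__ == "__main__":
    # Addresses from the post: this host is .206 on 192.168.30.0/24.
    print(peer_conns("192.168.30.206", "192.168.30.0/24"))
```

The output is meant to be reviewed and then placed in ipsec.conf (or a file included from it) on each Linux machine, regenerated with that machine's own address as local_ip.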

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:02:35 EDT

