diff --git a/crypto/dist/ipsec-tools/src/racoon/samples/roadwarrior/README b/crypto/dist/ipsec-tools/src/racoon/samples/roadwarrior/README index baf8a124b026..c793c131d2fc 100644 --- a/crypto/dist/ipsec-tools/src/racoon/samples/roadwarrior/README +++ b/crypto/dist/ipsec-tools/src/racoon/samples/roadwarrior/README @@ -1,7 +1,7 @@ This directory contains sample configurations files used for roadwarrior remote access using hybrid authentication. In this setup, the VPN -gateway authenticate to the client using a certificate, and the client -authenticate to the VPN gateway using a login and a password. +gateway authenticates to the client using a certificate, and the client +authenticates to the VPN gateway using a login and a password. Moreover, this setup makes use of ISAKMP mode config to autoconfigure the client. After a successful login, the client will receive an 
@@ -23,17 +23,17 @@ authentication, IP allocation and accounting. The address and secret to be used for the RADIUS server are configured in /etc/radius.conf, see radius.conf(5). -Both config file use the server/phase1-down.sh script, which is used to -workaround a bug in automatically generated SAD and SPD flush in -racoon. This script will not be needed anymore the day this problem -will be fixed. +Both config files use the server/phase1-down.sh script, which is +used to work around a bug in raccon with flushing automatically +generated SAD and SPD entries. This script will not be needed +anymore when this problem will be fixed. Both configurations can be used with the Cisco VPN client if it -is setup to use hybrid authentication (aka mutual group authentication, +is set up to use hybrid authentication (aka mutual group authentication, available in Cisco VPN client version 4.0.5 and above). The group -password configured in the Cisco VPN client is unused by racoon. +password configured in the Cisco VPN client is not used by racoon. -Once you will have installed /etc/racoon/racoon.conf and +After you have installed /etc/racoon/racoon.conf and /etc/racoon/phase1-down.sh, you will also have to install a server certificate and key in /etc/openssl/certs/server.crt and /etc/openssl/certs/server.key @@ -61,10 +61,10 @@ you for the password. The password can be stored in the psk.txt file. In that situation, add this directive to the remote section of racoon.conf: xauth_login "username"; -Where username is your login. +where username is your login. Note that for now there is no feedback in racoonctl if the authentication -fails. Peek at racoon logs to discover what goes wrong. +fails. Peek at the racoon logs to discover what goes wrong. In order to disconnect from the VPN, do this: racoonctl vd vpn-gateway.example.net 
diff --git a/crypto/dist/ipsec-tools/src/racoon/samples/roadwarrior/server/phase1-down.sh b/crypto/dist/ipsec-tools/src/racoon/samples/roadwarrior/server/phase1-down.sh index 5c036d76895f..fb3c3ce08c1f 100644 --- a/crypto/dist/ipsec-tools/src/racoon/samples/roadwarrior/server/phase1-down.sh +++ b/crypto/dist/ipsec-tools/src/racoon/samples/roadwarrior/server/phase1-down.sh @@ -2,7 +2,7 @@ PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin -# Correctly flush automatically generated SAD and SPD +# Correctly flush automatically generated SAD and SPD entries # This should go away the day racoon will properly do the job. echo "
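Review bot: the README hunk at @@ -23,17 +23,17 @@ introduces a new misspelling while fixing old ones: "a bug in raccon with flushing" should read "a bug in racoon with flushing" (the daemon is spelled "racoon" everywhere else in the file). The same paragraph's "This script will not be needed anymore when this problem will be fixed." is still ungrammatical; suggest "This script will no longer be needed once this problem is fixed."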
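Review bot: since the phase1-down.sh hunk already touches the comment block, the unchanged context line right below it, "# This should go away the day racoon will properly do the job.", deserves the same treatment; suggest "# This should go away once racoon flushes these entries itself." so both comments read consistently.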