Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 639 — #665
i
i
i
i
i
i
i
i
26
Security in the Network
The configuration file can now be copied to /etc/ipsec.conf. Under
certain circumstances, the file name at leftcert may need to be adapted.
However, /etc/ipsec.d/certs/cert_01.pem is normally already
entered. The value following right must be identical with the DNS host
name or IP address of the server.
rcipsec start starts IPsec and establishes the connection (if
auto=start has been configured). ipsec auto --status or
setkey-D and an inspection of /var/log/messages enable you to
check that everything has worked. rcipsec stop ends IPsec and all con-
nections are cleared.
26.2.3 IPsec Clients on Windows XP and Windows 2000
You can also set up IPsec connections to SUSE LINUX from Windows XP
and Windows 2000 clients. The various steps are described below.
1. Create the client certificate on the CA management computer.
2. Export the Windows configuration file.
3. Prepare Windows.
4. Configure the Windows snap-ins.
5. Import a client certificate.
6. Make a note of important certificate data.
7. Configure the IPsec connection.
8. Create desktop links.
Creating a Client Certificate
Create the client certificate using the YaST CA Management module (see
Section 26.1.2 on page 627). The completed certificate should then be saved
together with the key and all associated CAs in a PKCS12 file (see Sec-
tion 26.1.2 on page 631).
639
SUSE LINUX Enterprise Server