OpenBSD Journal

Nortel Networks Contivity to OpenBSD white paper

Contributed by jose on from the help-from-where-you-need-it-most dept.

anonymous writes : "Nortel Networks has published a Contivity to OpenBSD Tech Tip white paper on setting up an IPSec peer-to-peer tunnel. Contivity refers to it as a Branch Office tunnel."

This is pretty cool, support from a large ISP like this ... The guide itself is about 30 pages long and looks really useful.

(Comments are closed)


Comments
  1. By Adriaan () on

    AFAIK Nortel Networks is a manufacturer of network gear. Recently I bought a 12 ports managed Nortel switch on Ebay :)

  2. By Anonymous Coward () on

    I would have loved to have had this document 12 months ago. I was trying to setup a VPN between an OpenBSD server (my company's) and a client's contivity VPN router. I spent a lot of time reading through Contivity docs to get it to work.

  3. By Morden SM4 () on

    My company uses a nortel contivity VPN switch for us all to conect into..we use the Windows client with username / password authentication.

    As I don't have any control over the VPN switch ( it's in another country ) this method in the document won't work for me.

    Has anyone ever got a peer - peer, OpenBSD - Nortel Contivity, using just the username / password authentication?

    Cheers

    Comments
    1. By djm () on

      If that is using IPsec XAUTH, then I don't think the current isakmpd supports it.

    2. By JeF () on

      Nortel's xauth based authentication does use a proprietary hash algorithm. So even if you support xauth, you'll *wont* be able to connect to the nortel box and it has been done *on purpose* by nortel. I just hope they dont sell on open standard arguments.

      Comments
      1. By Anonymous Coward () on

        On a Nortel Contivity, there is a option for IPSEC connections called "Allow Non-Contivity Clients" which might help creating user connections with isakmpd. I've never done it before (only "branch-office" tunnels) but as long as you have matching options on each end and don't require NAT traversal, you should be able to hack it together.

        Assuming that you or a helpful administrator on the other end knwos what the settings are on the Nortel.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]