[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: isakmpd
- To: Jorgen Granstam <Jorgen.Granstam@abc.se>
- Subject: Re: isakmpd
- From: Chuck <chuck@snew.com>
- Date: Sun, 5 Mar 2000 14:29:23 -0800
- Cc: Michael Gwilliam <michael@e-glyph.com>, misc@openbsd.org
- Mail-Followup-To: Jorgen Granstam <Jorgen.Granstam@abc.se>,Michael Gwilliam <michael@e-glyph.com>, misc@openbsd.org
- References: <20000222115631.A12060@fobot.nyc.e-glyph.com> <Pine.GSO.4.10.10002221800510.26400-100000@atle>
And having public CERTs for hosts on the public internet might be
useful in general with TLS applications coming out more and more.
The web server, mail server and VPNs can all use them. If you're
only connected internally, then an Internal, private CA is a good
thing to have - let users use S/MIME mail easily and keeps less
data in the clear.
Quoting Jorgen Granstam (Jorgen.Granstam@abc.se):
> On Tue, 22 Feb 2000, Michael Gwilliam wrote:
> > I found the http://www.secureops.com/resources/vpn information
> > to be a wonderful example of how to get isakmp daemon up
> > and running on 2 OpenBSD 2.6 boxes, but I'm not making any
> > progress with the isakmpd.policy file.
>
> I don't recall having any major problem when I configured
> my lab system here for use with shared keys but It was a while
> since now. I am now using certificates for authentication.
> However that requires upgrading isakmpd to current from CVS.
>
> > Has anybody had any luck with different keying schemes? If so,
> > can I see an example?
>
> You could have a look at my page on using isakmpd with X.509
> certificates at:
>
> http://hem.passagen.se/hojg/isakmpd/
>
> The info there is not very well tested yet but the config files there
> was based on working files I have here. I know a few people have
> read the text and a few errors were found and corrected. If you find
> anything that's not correct in there, please tell me and I'll fix it.
> I might even add more info later this week.