
Re: Using gre(4), gif(4) ontop of ipsec(4) and other ISAKMPd scalability issues.



> Also, as for phase-1 authentication, pre-shared secret keys don't seem
> to scale well above and beyond simple point-to-point configurations, but

preshared is bogus IMHO.

i run isakmpd with RSA authentication, but without certificates.

this is similar to what ssh does.

see
     openssl(1)) and named and stored after this easy formula:
     For IPv4 identities   /etc/isakmpd/pubkeys/ipv4/A.B.C.D
     For IPv6 identities   /etc/isakmpd/pubkeys/ipv6/abcd:abcd::ab:bc
     For FQDN identities   /etc/isakmpd/pubkeys/fqdn/foo.bar.org
     For UFQDN identities  /etc/isakmpd/pubkeys/ufqdn/user@foo.bar.org

in isakmpd(8)
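
The naming formula quoted above, as an added example that is not part of the original post or of isakmpd itself: a shell helper that maps a peer identity to the file name the formula gives, refuses identities that could not safely be used as a file name, and audits an existing key directory for misfiled entries. The function names, the `PUBKEY_DIR` variable and the classification rules for each identity form are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (hypothetical helper names); directory layout as quoted from isakmpd(8).
PUBKEY_DIR="${PUBKEY_DIR:-/etc/isakmpd/pubkeys}"

# id_type ID: print ipv4|ipv6|fqdn|ufqdn, or return 1 if ID is not usable.
# Assumed rules: syntax-level checks only, octet ranges are not validated.
id_type() {
    case "$1" in
        ''|*/*|.*|*..*) return 1 ;;   # empty, path separator, dot tricks
        *@*@*|@*|*@)    return 1 ;;   # malformed user@host
        *@*) echo ufqdn ;;
        *:*) case "$1" in *[!0-9a-fA-F:.]*) return 1 ;; *) echo ipv6 ;; esac ;;
        *[!0-9.]*)
             case "$1" in *[!A-Za-z0-9.-]*) return 1 ;; *) echo fqdn ;; esac ;;
        *)   case "$1" in
                 *.*.*.*.*) return 1 ;;
                 *.*.*.*)   echo ipv4 ;;
                 *)         return 1 ;;
             esac ;;
    esac
}

# pubkey_path ID: print the file the peer's public key belongs in.
pubkey_path() {
    t=$(id_type "$1") || return 1
    printf '%s/%s/%s\n' "$PUBKEY_DIR" "$t" "$1"
}

# audit_pubkeys: report files whose name does not match the identity type of
# the directory they sit in, or that do not look like a PEM public key
# (header check only). Returns non-zero if anything was reported.
audit_pubkeys() {
    bad=0
    for dir in ipv4 ipv6 fqdn ufqdn; do
        for f in "$PUBKEY_DIR/$dir"/*; do
            [ -f "$f" ] || continue
            name=${f##*/}
            if [ "$(id_type "$name")" != "$dir" ]; then
                echo "misfiled: $f"; bad=$((bad + 1))
            elif ! grep -q 'BEGIN.*PUBLIC KEY' "$f"; then
                echo "not a PEM public key: $f"; bad=$((bad + 1))
            fi
        done
    done
    [ "$bad" -eq 0 ]
}
```

A key filed under the wrong identity type is never consulted for that peer, so a misfiled entry shows up as a phase-1 authentication failure rather than as an obvious configuration error.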