Using shared secret with PGPNet ???

Will Price wprice at cyphers.net
Wed Jun 13 15:41:55 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One does not "use shared secret instead of IKE".  One uses IKE to
set up the shared secret connection. There is no way to securely use
IPsec without a control protocol like IKE.

PGPnet VPN has been tested with the OpenBSD IPsec/IKE implementation,
and it does work. There is probably more information on the web
somewhere regarding how to configure OpenBSD IPsec. To be sure, the
IPsec/IKE code on the OpenBSD side had to be the very latest versions
of everything.

I suggest using Expert mode to configure the gateway in PGPnet. You
will probably need to modify the proposals in the VPN Advanced
settings as well.



Etienne Goyer wrote:
> I am back to PGPNet and trying to have it use shared secret with an
> OpenBSD host set up for IPSec.  I have yet to make it work with
> shared secret.  The OpenBSD side should be correct as shared secret
> is well supported according to the docs.  I am using PGPNet version
> 7.0.3.  When I create my connection with the "Add host wizard", I
> choose "First attempt shared secret, then fallback to public
> key...".  However, PGPNet log and tcpdump output suggest the PGPNet
> host is going right to IKE for key exchange and doesn't even try
> shared secret.
> 
> I must be missing something really simple.  How do we force PGPNet
> to use shared secret instead of IKE ???  Any help appreciated.


- -- 

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBOyfB4Ky7FkvPc+xMEQJ5gQCg6/Kw2M7YZh9dEbPkXgJMx9SIJcMAnigA
zhoxfO5N6vmLgB6jhOD9Dnrl
=afzM
-----END PGP SIGNATURE-----
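
The point made in the reply, that the shared secret is an input to IKE rather than a replacement for it, can be seen in the IKEv1 pre-shared-key derivation from RFC 2409. The following is an added example, not part of the original message or of PGPnet or OpenBSD code; HMAC-SHA1 as the negotiated prf, the function names, and all payload and Diffie-Hellman values are constructed assumptions.

```python
# Added illustration (not from the original post): IKEv1 pre-shared-key
# derivation per RFC 2409 section 5, assuming HMAC-SHA1 as the negotiated prf.
import hashlib
import hmac
import os


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()


def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """SKEYID family: the shared secret is mixed with fresh nonces and DH output."""
    skeyid = prf(psk, ni + nr)
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    return skeyid, skeyid_d, skeyid_a, skeyid_e


def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sa_i, id_ii):
    """Initiator's authentication hash; the responder recomputes and compares."""
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sa_i + id_ii)


def ipsec_keymat(skeyid_d, protocol, spi, ni2, nr2):
    """Quick Mode (no PFS) keying material for one IPsec SA."""
    return prf(skeyid_d, bytes([protocol]) + spi + ni2 + nr2)


def run_exchange(initiator_psk, responder_psk):
    """Simulate one negotiation with constructed values; return (auth_ok, keymat)."""
    ni, nr = os.urandom(16), os.urandom(16)
    cky_i, cky_r = os.urandom(8), os.urandom(8)
    # Random stand-ins for the Diffie-Hellman public values and shared secret.
    g_xi, g_xr, g_xy = os.urandom(96), os.urandom(96), os.urandom(96)
    sa_i, id_ii = b"constructed-SA-payload", b"constructed-ID-payload"
    i_keys = phase1_keys(initiator_psk, ni, nr, g_xy, cky_i, cky_r)
    r_keys = phase1_keys(responder_psk, ni, nr, g_xy, cky_i, cky_r)
    sent = hash_i(i_keys[0], g_xi, g_xr, cky_i, cky_r, sa_i, id_ii)
    expected = hash_i(r_keys[0], g_xi, g_xr, cky_i, cky_r, sa_i, id_ii)
    auth_ok = hmac.compare_digest(sent, expected)
    # Protocol 3 is ESP in the IPsec DOI; SPI and Quick Mode nonces are fresh.
    keymat = ipsec_keymat(i_keys[1], 3, os.urandom(4), os.urandom(16), os.urandom(16))
    return auth_ok, keymat
```

Two runs with the same shared secret authenticate but yield different IPsec keying material, while mismatched secrets fail the authentication hash check.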
